Posted to fx-dev@ws.apache.org by "Tim K. (Gmane)" <tk...@idpax.com> on 2006/05/02 01:48:47 UTC

specifying crypto properties programmatically

Hello -

I'm trying to use WSS4J's encryption & signature in Axis. The goal is to 
use its configuration files as much as possible. I got UsernameToken 
working so far and I'm trying to add encryption + signature.

The problem is that I can't seem to figure out a way to specify the 
properties in crypto.properties in a programmatic way. I do not have a 
static location for the keystore file location, it is known only at 
runtime and it may be different for different users.

Is there a way to provide a Properties object that I can create at runtime 
instead of crypto.properties file? Or is there a way to be asked for the 
keys via a Callback handler rather than have WSS4J look in the keystore? 
That would work too, but I would like to stay away from writing my own 
Axis handlers and doing encryption and signature programmatically in the 
handlers, I'd like to use the existing handlers and configuration files.

Or maybe I need to extend the Merlin class and add the properties 
programmatically when my class is constructed?

What is the key solution, please?

thank you

--
Tim


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Re: specifying crypto properties programmatically

Posted by "Tim K. (Gmane)" <tk...@idpax.com>.
> - in the constructor of my class I'm passed a Properties object. Add 
> the rest of the properties to it such as the keystore location, 
> password, etc. Then call the super() constructor with the "patched" 
> Properties object.
>
My mistake. This won't work, I won't be able to patch the Properties 
object, I have to call super() first, so I'd have to use my own static 
Properties object for example.

Still early morning here :)

Tim


---------------------------------------------------------------------
To unsubscribe, e-mail: sandesha-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: sandesha-dev-help@ws.apache.org


Re: specifying crypto properties programmatically

Posted by Ruchith Fernando <ru...@gmail.com>.
Oops :-)

[2] http://rafb.net/paste/results/CAxvyA66.html

On 5/10/06, Ruchith Fernando <ru...@gmail.com> wrote:
> Hi Tim,
>
> Please see my comments below:
>
> > One more related question please: if I implement a password callback and
> > I get a WSPasswordCallback instance, when would its usage be KEY_NAME ?
>
> Please see the interop scenario4 where it uses:
> <parameter name="EmbeddedKeyName" value="SessionKey" />
> This is the name of a key that is known to both parties by that
> particular name.
>
> This callback handler impl [1] uses this scenario to encrypt the
> message with the key.
>
> > I assume this is for cases where I do not provide a crypto.properties
> > file hence WSS4J tries to get the key via a callback? Is this how this
> > works if I want to manage the keystore myself?
>
> I don't think this will help in your case ... Seems like you will have
> to implement a new org.apache.ws.security.components.crypto.Crypto
> impl as I mentioned in my first response.  The KEY_NAME scenario will
> require both service and client to know the key by the _name_ of the
> key. And this name is sent in the SOAP message. Example messages are
> available here : [2] (See the
> soapenv:Envelope/soapenv:Body/xenc:EncryptedData/ds:KeyInfo/ds:KeyName)
>
> Thanks,
> Ruchith
>
> [1] http://svn.apache.org/repos/asf/webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/PWCallback.java
> [2]
>



Re: specifying crypto properties programmatically

Posted by Ruchith Fernando <ru...@gmail.com>.
Hi Tim,

Please see my comments below:

> One more related question please: if I implement a password callback and
> I get a WSPasswordCallback instance, when would its usage be KEY_NAME ?

Please see the interop scenario4 where it uses:
<parameter name="EmbeddedKeyName" value="SessionKey" />
This is the name of a key that is known to both parties by that
particular name.

This callback handler impl [1] uses this scenario to encrypt the
message with the key.

> I assume this is for cases where I do not provide a crypto.properties
> file hence WSS4J tries to get the key via a callback? Is this how this
> works if I want to manage the keystore myself?

I don't think this will help in your case ... Seems like you will have
to implement a new org.apache.ws.security.components.crypto.Crypto
impl as I mentioned in my first response.  The KEY_NAME scenario will
require both service and client to know the key by the _name_ of the
key. And this name is sent in the SOAP message. Example messages are
available here : [2] (See the
soapenv:Envelope/soapenv:Body/xenc:EncryptedData/ds:KeyInfo/ds:KeyName)

Thanks,
Ruchith

[1] http://svn.apache.org/repos/asf/webservices/wss4j/trunk/interop/org/apache/ws/axis/oasis/PWCallback.java
[2]



Re: specifying crypto properties programmatically

Posted by "Tim K. (Gmane)" <tk...@idpax.com>.
Thanks for your reply.

I think that the following should work:

- extend Merlin (which is a public class) with my own class MyMerlin

- create a file crypto.properties that has one entry
  org.apache.ws.security.crypto.provider=MyMerlin

- in the constructor of my class I'm passed a Properties object. Add the 
rest of the properties to it such as the keystore location, password, 
etc. Then call the super() constructor with the "patched" Properties object.

Would this work or am I missing something here?

One more related question please: if I implement a password callback and 
I get a WSPasswordCallback instance, when would its usage be KEY_NAME ? 
I assume this is for cases where I do not provide a crypto.properties 
file hence WSS4J tries to get the key via a callback? Is this how this 
works if I want to manage the keystore myself?

thank you

Tim



Ruchith Fernando wrote:
> Hi Tim,
>
> IMHO right now the user cannot provide a java.util.Properties object as
> the crypto properties and the user _must_ specify a properties file, if
> you are using the standard WSDoAll* handlers.
>
> Also if you don't want to use a keystore, then you will have to
> implement the org.apache.ws.security.components.crypto.Crypto impl and
> you _must_ specify the implementation class name in it as the value of
> the property "org.apache.ws.security.crypto.provider" in the
> properties file mentioned above.
> You can also consider implementing this in such a way that it can get
> the configurations it needs at the run time (maybe using a static
> thread local hook to change the config params when required).
>
> Thanks,
> Ruchith
>
>
>
> On 5/2/06, Tim K. (Gmane) 
> <tk...@idpax.com> wrote:
>>
>> Hello -
>>
>> I'm trying to use WSS4J's encryption & signature in Axis. The goal is to
>> use its configuration files as much as possible. I got UsernameToken
>> working so far and I'm trying to add encryption + signature.
>>
>> The problem is that I can't seem to figure out a way to specify the
>> properties in crypto.properties in a programmatic way. I do not have a
>> static location for the keystore file location, it is known only at
>> runtime and it may be different for different users.
>>
>> Is there a way to provide a Properties object that I can create at 
>> runtime
>> instead of crypto.properties file? Or is there a way to be asked for the
>> keys via a Callback handler rather than have WSS4J look in the keystore?
>> That would work too, but I would like to stay away from writing my own
>> Axis handlers and doing encryption and signature programmatically in the
>> handlers, I'd like to use the existing handlers and configuration files.
>>
>> Or maybe I need to extend the Merlin class and add the properties
>> programmatically when my class is constructed?
>>
>> What is the key solution, please?
>>
>> thank you
>>
>> -- 
>> Tim
>>




Re: specifying crypto properties programmatically

Posted by Ruchith Fernando <ru...@gmail.com>.
Hi Tim,

IMHO right now the user cannot provide a java.util.Properties object as
the crypto properties and the user _must_ specify a properties file, if
you are using the standard WSDoAll* handlers.

Also if you don't want to use a keystore, then you will have to
implement the org.apache.ws.security.components.crypto.Crypto impl and
you _must_ specify the implementation class name in it as the value of
the property "org.apache.ws.security.crypto.provider" in the
properties file mentioned above.
You can also consider implementing this in such a way that it can get
the configurations it needs at the run time (maybe using a static
thread local hook to change the config params when required).

Thanks,
Ruchith



On 5/2/06, Tim K. (Gmane) <tk...@idpax.com> wrote:
>
> Hello -
>
> I'm trying to use WSS4J's encryption & signature in Axis. The goal is to
> use its configuration files as much as possible. I got UsernameToken
> working so far and I'm trying to add encryption + signature.
>
> The problem is that I can't seem to figure out a way to specify the
> properties in crypto.properties in a programmatic way. I do not have a
> static location for the keystore file location, it is known only at
> runtime and it may be different for different users.
>
> Is there a way to provide a Properties object that I can create at runtime
> instead of crypto.properties file? Or is there a way to be asked for the
> keys via a Callback handler rather than have WSS4J look in the keystore?
> That would work too, but I would like to stay away from writing my own
> Axis handlers and doing encryption and signature programmatically in the
> handlers, I'd like to use the existing handlers and configuration files.
>
> Or maybe I need to extend the Merlin class and add the properties
> programmatically when my class is constructed?
>
> What is the key solution, please?
>
> thank you
>
> --
> Tim
>

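The two ideas discussed in this thread (a Merlin subclass named in crypto.properties, and a static thread-local hook for run-time configuration) can be combined, because Java allows a static method call inside the super(...) argument list. The sketch below is an added example, not code from the thread or from WSS4J. It assumes Merlin's public Merlin(Properties) constructor and the Merlin property keys of WSS4J 1.x; MyMerlin is the name used in the thread, while withKeystore and merge are hypothetical.

```java
import java.util.Properties;

import org.apache.ws.security.components.crypto.Merlin;

/**
 * Added example (not WSS4J code). Referenced from crypto.properties as
 *   org.apache.ws.security.crypto.provider=MyMerlin
 *
 * Caller side, with constructed values:
 *   Properties p = new Properties();
 *   p.setProperty("org.apache.ws.security.crypto.merlin.file", "/path/known/at/runtime.jks");
 *   p.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "...");
 *   MyMerlin.withKeystore(p, new Runnable() { public void run() { ... invoke the Axis call ... } });
 */
public class MyMerlin extends Merlin {

    // Per-thread overrides, set by the caller before the security handler runs.
    private static final ThreadLocal<Properties> OVERRIDES = new ThreadLocal<Properties>();

    /** Hypothetical helper: run the call with the overrides visible on this thread only. */
    public static void withKeystore(Properties overrides, Runnable call) {
        OVERRIDES.set(overrides);
        try {
            call.run();
        } finally {
            // Pooled threads must not carry one user's keystore password into the next request.
            OVERRIDES.remove();
        }
    }

    // Static, so it can be evaluated inside the super(...) argument list.
    static Properties merge(Properties fromFile) {
        Properties overrides = OVERRIDES.get();
        if (overrides == null) {
            // Fail closed rather than fall back to whatever the properties file happens to contain.
            throw new IllegalStateException("no keystore configured for this thread");
        }
        Properties merged = new Properties();
        merged.putAll(fromFile);   // entries from crypto.properties
        merged.putAll(overrides);  // run-time values take precedence
        return merged;
    }

    // "throws Exception" covers the checked exceptions declared by the superclass constructor.
    public MyMerlin(Properties fromFile) throws Exception {
        super(merge(fromFile));
    }
}
```

The thread does not say whether the handlers build a new Crypto for every message or reuse one instance per properties file; if instances are reused, the keystore chosen at first construction stays in effect, so check that before relying on this for per-user keystores.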