You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Dmitry Brigadirov <dm...@gmail.com> on 2006/09/11 15:11:50 UTC
axis2: security sample (about the names)
I've asked about generating own certificates for Axis here:
http://marc.theaimsgroup.com/?l=axis-user&m=115770741811175&w=2
and was pointed to the page "Setting Up Keystores for a Client and a
Service".
I've managed to generate a working keystroke, but they only work with names
"alice" and "bob" as in the example.
If I change the name (in axis2.conf, PWClass.class, certificate) - client
side works fine, but service replies with Unexpected number of X509Data: for
Signature
Am I wrong anywhere?
Thanks
--
Dmitry Brigadirov
[rampard]Sygniture Algorithm Failure
Posted by Angel Cholchev <a....@bg.seeburger.com>.
Hello,
I have the fallowing exception when I try to sign the envelope with
http://www.w3.org/2000/09/xmldsig#dsa-sha1 algorithm. It is strange,
that the signing works perfeclty when I set
http://www.w3.org/2000/09/xmldsig#rsa-sha1 as a signing algorithm.
org.apache.xml.security.signature.XMLSignatureException: not a
DSA private key: SunJSSE RSA private CRT key:
My key entry uses SHA1withDSA as signiture algorithm. Can anyone point
me, where the problem might be?
Thanks in advance,
Angel Cholchev
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: [Rampart]Supported Algorithms?
Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,
On 9/12/06, Angel Cholchev <a....@bg.seeburger.com> wrote:
> Hello again,
> I've read carefully
> http://ws.apache.org/axis2/modules/rampart/1_0/security-module.html.
> I'm concerned about the Signature and Digest algorithms(which are not
> described in this document). Are these algorithms supported as options
> or are they hardcoded.I also have noticed some problems with the
> encryption algorithms. When I use trip168 and aes128 rampart works
> great, but when I set aes192 or aes256 the handler throws an exception.
> Are these algorithms supported?
You have to enable JCE Unlimited Strength Policy using "Java
Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy
Files" to be able to use AES192 and AES256.
The algorithms you can use can be found in the WSConstants class here [1]
Thanks,
Ruchith
[1] https://svn.apache.org/repos/asf/webservices/wss4j/trunk/src/org/apache/ws/security/WSConstants.java
> Angel Cholchev
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
[Rampart]Supported Algorithms?
Posted by Angel Cholchev <a....@bg.seeburger.com>.
Hello again,
I've read carefully
http://ws.apache.org/axis2/modules/rampart/1_0/security-module.html.
I'm concerned about the Signature and Digest algorithms(which are not
described in this document). Are these algorithms supported as options
or are they hardcoded.I also have noticed some problems with the
encryption algorithms. When I use trip168 and aes128 rampart works
great, but when I set aes192 or aes256 the handler throws an exception.
Are these algorithms supported?
Angel Cholchev
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: axis2: security sample (about the names)
Posted by Ruchith Fernando <ru...@gmail.com>.
Hi Dmitry,
Please check whether the value of the "<user>" element of the
services.xml is the alias of the private key you want to use at the
service to sign the response.
Thanks,
Ruchith
On 9/11/06, Dmitry Brigadirov <dm...@gmail.com> wrote:
> Yeah, I saw it... I can configure it on the client side at axis2.xml -
> everything works fine with any name here.
> But I get this error on the Service-side.
> Service and client have the same pwcallback class, and the same keystroke
> file.
>
> Can service keep 'name' values anywhere else?
>
> Thanks,
> Dmitry
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org
Re: axis2: security sample (about the names)
Posted by Dmitry Brigadirov <dm...@gmail.com>.
Yeah, I saw it... I can configure it on the client side at axis2.xml -
everything works fine with any name here.
But I get this error on the Service-side.
Service and client have the same pwcallback class, and the same keystroke
file.
Can service keep 'name' values anywhere else?
Thanks,
Dmitry
Re: axis2: security sample (about the names)
Posted by Ruchith Fernando <ru...@gmail.com>.
Please try this:
http://www.wso2.net/kb/116
Thanks,
Ruchith
On 9/11/06, Dmitry Brigadirov <dm...@gmail.com> wrote:
> I've asked about generating own certificates for Axis here:
> http://marc.theaimsgroup.com/?l=axis-user&m=115770741811175&w=2
> and was pointed to the page "Setting Up Keystores for a Client and a
> Service".
>
> I've managed to generate a working keystroke, but they only work with names
> "alice" and "bob" as in the example.
>
> If I change the name (in axis2.conf, PWClass.class, certificate) - client
> side works fine, but service replies with Unexpected number of X509Data: for
> Signature
>
> Am I wrong anywhere?
> Thanks
> --
> Dmitry Brigadirov
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org