You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Xinjun Chen <xj...@gmail.com> on 2006/11/09 02:58:54 UTC
Using WSSecSignature
Hi,
I am trying to use WSS4J as API to do signature for a SOAPEnvelope. More
specifically, I am using WSSecSignature with the following sample crypto
provided by WSS4J to do the testing.
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
org.apache.ws.security.crypto.merlin.keystore.password=security
org.apache.ws.security.crypto.merlin.keystore.alias=16c73ab6-b892-458f-abf5-2f875f74882e
org.apache.ws.security.crypto.merlin.alias.password=security
org.apache.ws.security.crypto.merlin.file=keys/x509.PFX.MSFT
However, I received the following exception:
unknown attr1.3.6.1.4.1.311.17.1
Doc after insert security header: <?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header<http://www.w3.org/2001/XMLSchema-instance%22%3E%3CSOAP-ENV:Header>
>
<wsse:Security SOAP-ENV:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/></SOAP-ENV:Header><SOAP-ENV:Body><sayHello<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd%22/%3E%3C/SOAP-ENV:Header%3E%3CSOAP-ENV:Body%3E%3CsayHello>xmlns="http://services/helloworld"><value>Hello<http://services/helloworld%22%3E%3Cvalue%3EHello>world!</value></sayHello></SOAP-ENV:Body></SOAP-ENV:Envelope>
*java.lang.NullPointerException
at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineGetCertificateChain(DashoA6275)
at java.security.KeyStore.getCertificateChain(KeyStore.java:312)
* at org.apache.ws.security.components.crypto.AbstractCrypto.getCertificates
(AbstractCrypto.java:407)
at org.apache.ws.security.message.WSSecSignature.prepare (*
WSSecSignature.java:272*)
at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java
:643)
at tests.TestX509Signature.main(TestX509Signature.java:108)
Exception in thread "main"
I am using the WSS4J 1.5, Sun JDK1.4.2.
>From google, I know that the message "unknown attr1.3.6.1.4.1.311.17.1" can
be just ignored.
It seems that the NullPointerException is due to the empty cert chain. But
there should be at least one cert in the chain, right?
Could anyone suggest what I can do? Those who has managed to do signature
using the sample crypto.propertie, could you help? Thank you.
Regards,
Xinjun
Re: Using WSSecSignature
Posted by Ruchith Fernando <ru...@gmail.com>.
Please see the TestWSSecurityNew* tests available here :
https://svn.apache.org/repos/asf/webservices/wss4j/trunk/test/wssec
See how they use the WSSecurityEngine.
Thanks,
Ruchith
On 11/9/06, Xinjun Chen <xj...@gmail.com> wrote:
> Hi Ruchith,
>
> Thank you for your pointer. :-)
>
>
> security.provider.7=org.bouncycastle.jce.provider.BouncyCastleProvider
>
> is one of the reasons for the error. I have set the provider in JDK1.4.1 but
> forget to set in JDK1.5.
>
> After done that I also meet some other exceptions. Here I just list the
> exceptions I encountered and solutions I used for the reference of future
> newbies.
>
> 1. Unexpected number of X509Data: for Signature.
>
> For my test, the reason is because I didn't set username and password to
> the WSSecSignature signer. I had thought the alias and password in the
> crypto.property will be used. However it turns out not. So simply add one
> line in test code:
>
> signer.setUserInfo(alias, password);
>
> 2. Sorry, you supplied the wrong key type for this operation! You supplied
> a sun.security.provider.DSAPrivateKey but a
> javax.crypto.SecretKey is needed.
> This error is somehow clearer. It hits me that the Signature algorithm may
> not be set properly.
> I changed the signature algorithm to
> XMLSignature.ALGO_ID_SIGNATURE_DSA, then it is ok. The
> signature algorithm and the provided cert algorithm must match. The specific
> line is
> signer.setSignatureAlgorithm(XMLSignature.ALGO_ID_SIGNATURE_DSA);
>
> Now I am trying to verify the test signature generated. Is there any sample
> to do that?
>
> Regards,
> Xinjun
>
>
> On 11/9/06, Ruchith Fernando <ru...@gmail.com> wrote:
> > Please try this :
> >
> > http://ws.apache.org/axis2/faq.html#a3
> >
> > (General#3)
> >
> > thanks,
> > Ruchith
> >
> > On 11/9/06, Xinjun Chen <xj...@gmail.com> wrote:
> > > Hi
> > >
> > > I got the following new exception when I switch to JDK1.5. I have
> already
> > > include bouncycastle in the classpath.
> > >
> > > I feel it is some common error. Could you enlighten me on it? Do I
> missed
> > > some step? I am using the sample crypto.properties provided by WSS4J.
> > >
> > >
> > > java.io.IOException: failed to decrypt safe contents entry:
> > > javax.crypto.BadPaddingException: Given final block not
> > > properly padded
> > > at
> > > com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad
> (PKCS12KeyStore.java:1275)
> > > at java.security.KeyStore.load(KeyStore.java:1150)
> > > at
> > >
> org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:525)
> > > at
> > > org.apache.ws.security.components.crypto.AbstractCrypto
> .<init>(
> > > AbstractCrypto.java:121)
> > > at
> > >
> org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:62)
> > >
> > > Caused by: javax.crypto.BadPaddingException: Given
> final
> > > block not properly padded
> > > at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
> > > at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
> > > at com.sun.crypto.provider.SunJCE_ab.b (DashoA12275)
> > > at
> > >
> com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineDoFinal(DashoA12275)
> > > at javax.crypto.Cipher.doFinal(DashoA12275)
> > > at
> com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad
> > > (PKCS12KeyStore.java:1272)
> > >
> > >
> > >
> > >
> > > On 11/9/06, Xinjun Chen <xj...@gmail.com> wrote:
> > > >
> > > > Hi,
> > > >
> > > > I am trying to use WSS4J as API to do signature for a SOAPEnvelope.
> More
> > > specifically, I am using WSSecSignature with the following sample crypto
> > > provided by WSS4J to do the testing.
> > > >
> > > >
> > >
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> > > >
> > >
> org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
> > > >
> > >
> org.apache.ws.security.crypto.merlin.keystore.password=security
> > > >
> > >
> org.apache.ws.security.crypto.merlin.keystore.alias=16c73ab6-b892-458f-abf5-2f875f74882e
> > > >
> > >
> org.apache.ws.security.crypto.merlin.alias.password=security
> > > >
> > >
> org.apache.ws.security.crypto.merlin.file=keys/x509.PFX.MSFT
> > > >
> > > > However, I received the following exception:
> > > >
> > > > unknown attr1.3.6.1.4.1.311.17.1
> > > > Doc after insert security header: <?xml version="1.0"
> encoding="UTF-8"?>
> > > > <SOAP-ENV:Envelope xmlns:SOAP-ENV="
> > > http://schemas.xmlsoap.org/soap/envelope/"
> > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="
> > >
> http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header
> > > >
> > > > <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="
> > >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/></SOAP-ENV:Header><SOAP-ENV:Body><sayHello
> > > xmlns=" http://services/helloworld"><value>Hello
> > >
> world!</value></sayHello></SOAP-ENV:Body></SOAP-ENV:Envelope>
> > > > java.lang.NullPointerException
> > > > at
> > >
> com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineGetCertificateChain
> > > (DashoA6275)
> > > > at
> > >
> java.security.KeyStore.getCertificateChain(KeyStore.java
> :312)
> > > > at
> > >
> org.apache.ws.security.components.crypto.AbstractCrypto.getCertificates(AbstractCrypto.java:407)
> > > > at
> org.apache.ws.security.message.WSSecSignature.prepare
> > > (WSSecSignature.java :272)
> > > > at
> > >
> org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:643)
> > > > at tests.TestX509Signature.main(TestX509Signature.java:108)
> > > > Exception in thread "main"
> > > >
> > > >
> > > > I am using the WSS4J 1.5, Sun JDK1.4.2.
> > > > From google, I know that the message "unknown
> attr1.3.6.1.4.1.311.17.1"
> > > can be just ignored.
> > > > It seems that the NullPointerException is due to the empty cert chain.
> But
> > > there should be at least one cert in the chain, right?
> > > >
> > > > Could anyone suggest what I can do? Those who has managed to do
> signature
> > > using the sample crypto.propertie, could you help? Thank you.
> > > >
> > > >
> > > > Regards,
> > > > Xinjun
> > >
> > >
> >
> >
> > --
> > www.ruchith.org
> >
>
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Using WSSecSignature
Posted by Ruchith Fernando <ru...@gmail.com>.
Please see the TestWSSecurityNew* tests available here :
https://svn.apache.org/repos/asf/webservices/wss4j/trunk/test/wssec
See how they use the WSSecurityEngine.
Thanks,
Ruchith
On 11/9/06, Xinjun Chen <xj...@gmail.com> wrote:
> Hi Ruchith,
>
> Thank you for your pointer. :-)
>
>
> security.provider.7=org.bouncycastle.jce.provider.BouncyCastleProvider
>
> is one of the reasons for the error. I have set the provider in JDK1.4.1 but
> forget to set in JDK1.5.
>
> After done that I also meet some other exceptions. Here I just list the
> exceptions I encountered and solutions I used for the reference of future
> newbies.
>
> 1. Unexpected number of X509Data: for Signature.
>
> For my test, the reason is because I didn't set username and password to
> the WSSecSignature signer. I had thought the alias and password in the
> crypto.property will be used. However it turns out not. So simply add one
> line in test code:
>
> signer.setUserInfo(alias, password);
>
> 2. Sorry, you supplied the wrong key type for this operation! You supplied
> a sun.security.provider.DSAPrivateKey but a
> javax.crypto.SecretKey is needed.
> This error is somehow clearer. It hits me that the Signature algorithm may
> not be set properly.
> I changed the signature algorithm to
> XMLSignature.ALGO_ID_SIGNATURE_DSA, then it is ok. The
> signature algorithm and the provided cert algorithm must match. The specific
> line is
> signer.setSignatureAlgorithm(XMLSignature.ALGO_ID_SIGNATURE_DSA);
>
> Now I am trying to verify the test signature generated. Is there any sample
> to do that?
>
> Regards,
> Xinjun
>
>
> On 11/9/06, Ruchith Fernando <ru...@gmail.com> wrote:
> > Please try this :
> >
> > http://ws.apache.org/axis2/faq.html#a3
> >
> > (General#3)
> >
> > thanks,
> > Ruchith
> >
> > On 11/9/06, Xinjun Chen <xj...@gmail.com> wrote:
> > > Hi
> > >
> > > I got the following new exception when I switch to JDK1.5. I have
> already
> > > include bouncycastle in the classpath.
> > >
> > > I feel it is some common error. Could you enlighten me on it? Do I
> missed
> > > some step? I am using the sample crypto.properties provided by WSS4J.
> > >
> > >
> > > java.io.IOException: failed to decrypt safe contents entry:
> > > javax.crypto.BadPaddingException: Given final block not
> > > properly padded
> > > at
> > > com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad
> (PKCS12KeyStore.java:1275)
> > > at java.security.KeyStore.load(KeyStore.java:1150)
> > > at
> > >
> org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:525)
> > > at
> > > org.apache.ws.security.components.crypto.AbstractCrypto
> .<init>(
> > > AbstractCrypto.java:121)
> > > at
> > >
> org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:62)
> > >
> > > Caused by: javax.crypto.BadPaddingException: Given
> final
> > > block not properly padded
> > > at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
> > > at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
> > > at com.sun.crypto.provider.SunJCE_ab.b (DashoA12275)
> > > at
> > >
> com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineDoFinal(DashoA12275)
> > > at javax.crypto.Cipher.doFinal(DashoA12275)
> > > at
> com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad
> > > (PKCS12KeyStore.java:1272)
> > >
> > >
> > >
> > >
> > > On 11/9/06, Xinjun Chen <xj...@gmail.com> wrote:
> > > >
> > > > Hi,
> > > >
> > > > I am trying to use WSS4J as API to do signature for a SOAPEnvelope.
> More
> > > specifically, I am using WSSecSignature with the following sample crypto
> > > provided by WSS4J to do the testing.
> > > >
> > > >
> > >
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> > > >
> > >
> org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
> > > >
> > >
> org.apache.ws.security.crypto.merlin.keystore.password=security
> > > >
> > >
> org.apache.ws.security.crypto.merlin.keystore.alias=16c73ab6-b892-458f-abf5-2f875f74882e
> > > >
> > >
> org.apache.ws.security.crypto.merlin.alias.password=security
> > > >
> > >
> org.apache.ws.security.crypto.merlin.file=keys/x509.PFX.MSFT
> > > >
> > > > However, I received the following exception:
> > > >
> > > > unknown attr1.3.6.1.4.1.311.17.1
> > > > Doc after insert security header: <?xml version="1.0"
> encoding="UTF-8"?>
> > > > <SOAP-ENV:Envelope xmlns:SOAP-ENV="
> > > http://schemas.xmlsoap.org/soap/envelope/"
> > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="
> > >
> http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header
> > > >
> > > > <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="
> > >
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/></SOAP-ENV:Header><SOAP-ENV:Body><sayHello
> > > xmlns=" http://services/helloworld"><value>Hello
> > >
> world!</value></sayHello></SOAP-ENV:Body></SOAP-ENV:Envelope>
> > > > java.lang.NullPointerException
> > > > at
> > >
> com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineGetCertificateChain
> > > (DashoA6275)
> > > > at
> > >
> java.security.KeyStore.getCertificateChain(KeyStore.java
> :312)
> > > > at
> > >
> org.apache.ws.security.components.crypto.AbstractCrypto.getCertificates(AbstractCrypto.java:407)
> > > > at
> org.apache.ws.security.message.WSSecSignature.prepare
> > > (WSSecSignature.java :272)
> > > > at
> > >
> org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:643)
> > > > at tests.TestX509Signature.main(TestX509Signature.java:108)
> > > > Exception in thread "main"
> > > >
> > > >
> > > > I am using the WSS4J 1.5, Sun JDK1.4.2.
> > > > From google, I know that the message "unknown
> attr1.3.6.1.4.1.311.17.1"
> > > can be just ignored.
> > > > It seems that the NullPointerException is due to the empty cert chain.
> But
> > > there should be at least one cert in the chain, right?
> > > >
> > > > Could anyone suggest what I can do? Those who has managed to do
> signature
> > > using the sample crypto.propertie, could you help? Thank you.
> > > >
> > > >
> > > > Regards,
> > > > Xinjun
> > >
> > >
> >
> >
> > --
> > www.ruchith.org
> >
>
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Using WSSecSignature
Posted by Ruchith Fernando <ru...@gmail.com>.
Please try this :
http://ws.apache.org/axis2/faq.html#a3
(General#3)
thanks,
Ruchith
On 11/9/06, Xinjun Chen <xj...@gmail.com> wrote:
> Hi
>
> I got the following new exception when I switch to JDK1.5. I have already
> include bouncycastle in the classpath.
>
> I feel it is some common error. Could you enlighten me on it? Do I missed
> some step? I am using the sample crypto.properties provided by WSS4J.
>
>
> java.io.IOException: failed to decrypt safe contents entry:
> javax.crypto.BadPaddingException: Given final block not
> properly padded
> at
> com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1275)
> at java.security.KeyStore.load(KeyStore.java:1150)
> at
> org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:525)
> at
> org.apache.ws.security.components.crypto.AbstractCrypto.<init>(
> AbstractCrypto.java:121)
> at
> org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:62)
>
> Caused by: javax.crypto.BadPaddingException: Given final
> block not properly padded
> at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
> at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
> at com.sun.crypto.provider.SunJCE_ab.b (DashoA12275)
> at
> com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineDoFinal(DashoA12275)
> at javax.crypto.Cipher.doFinal(DashoA12275)
> at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad
> (PKCS12KeyStore.java:1272)
>
>
>
>
> On 11/9/06, Xinjun Chen <xj...@gmail.com> wrote:
> >
> > Hi,
> >
> > I am trying to use WSS4J as API to do signature for a SOAPEnvelope. More
> specifically, I am using WSSecSignature with the following sample crypto
> provided by WSS4J to do the testing.
> >
> >
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> >
> org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
> >
> org.apache.ws.security.crypto.merlin.keystore.password=security
> >
> org.apache.ws.security.crypto.merlin.keystore.alias=16c73ab6-b892-458f-abf5-2f875f74882e
> >
> org.apache.ws.security.crypto.merlin.alias.password=security
> >
> org.apache.ws.security.crypto.merlin.file=keys/x509.PFX.MSFT
> >
> > However, I received the following exception:
> >
> > unknown attr1.3.6.1.4.1.311.17.1
> > Doc after insert security header: <?xml version="1.0" encoding="UTF-8"?>
> > <SOAP-ENV:Envelope xmlns:SOAP-ENV="
> http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header
> >
> > <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/></SOAP-ENV:Header><SOAP-ENV:Body><sayHello
> xmlns=" http://services/helloworld"><value>Hello
> world!</value></sayHello></SOAP-ENV:Body></SOAP-ENV:Envelope>
> > java.lang.NullPointerException
> > at
> com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineGetCertificateChain
> (DashoA6275)
> > at
> java.security.KeyStore.getCertificateChain(KeyStore.java:312)
> > at
> org.apache.ws.security.components.crypto.AbstractCrypto.getCertificates(AbstractCrypto.java:407)
> > at org.apache.ws.security.message.WSSecSignature.prepare
> (WSSecSignature.java:272)
> > at
> org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:643)
> > at tests.TestX509Signature.main(TestX509Signature.java:108)
> > Exception in thread "main"
> >
> >
> > I am using the WSS4J 1.5, Sun JDK1.4.2.
> > From google, I know that the message "unknown attr1.3.6.1.4.1.311.17.1"
> can be just ignored.
> > It seems that the NullPointerException is due to the empty cert chain. But
> there should be at least one cert in the chain, right?
> >
> > Could anyone suggest what I can do? Those who has managed to do signature
> using the sample crypto.propertie, could you help? Thank you.
> >
> >
> > Regards,
> > Xinjun
>
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Using WSSecSignature
Posted by Ruchith Fernando <ru...@gmail.com>.
Please try this :
http://ws.apache.org/axis2/faq.html#a3
(General#3)
thanks,
Ruchith
On 11/9/06, Xinjun Chen <xj...@gmail.com> wrote:
> Hi
>
> I got the following new exception when I switch to JDK1.5. I have already
> include bouncycastle in the classpath.
>
> I feel it is some common error. Could you enlighten me on it? Do I missed
> some step? I am using the sample crypto.properties provided by WSS4J.
>
>
> java.io.IOException: failed to decrypt safe contents entry:
> javax.crypto.BadPaddingException: Given final block not
> properly padded
> at
> com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1275)
> at java.security.KeyStore.load(KeyStore.java:1150)
> at
> org.apache.ws.security.components.crypto.AbstractCrypto.load(AbstractCrypto.java:525)
> at
> org.apache.ws.security.components.crypto.AbstractCrypto.<init>(
> AbstractCrypto.java:121)
> at
> org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:62)
>
> Caused by: javax.crypto.BadPaddingException: Given final
> block not properly padded
> at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
> at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
> at com.sun.crypto.provider.SunJCE_ab.b (DashoA12275)
> at
> com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineDoFinal(DashoA12275)
> at javax.crypto.Cipher.doFinal(DashoA12275)
> at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad
> (PKCS12KeyStore.java:1272)
>
>
>
>
> On 11/9/06, Xinjun Chen <xj...@gmail.com> wrote:
> >
> > Hi,
> >
> > I am trying to use WSS4J as API to do signature for a SOAPEnvelope. More
> specifically, I am using WSSecSignature with the following sample crypto
> provided by WSS4J to do the testing.
> >
> >
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> >
> org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
> >
> org.apache.ws.security.crypto.merlin.keystore.password=security
> >
> org.apache.ws.security.crypto.merlin.keystore.alias=16c73ab6-b892-458f-abf5-2f875f74882e
> >
> org.apache.ws.security.crypto.merlin.alias.password=security
> >
> org.apache.ws.security.crypto.merlin.file=keys/x509.PFX.MSFT
> >
> > However, I received the following exception:
> >
> > unknown attr1.3.6.1.4.1.311.17.1
> > Doc after insert security header: <?xml version="1.0" encoding="UTF-8"?>
> > <SOAP-ENV:Envelope xmlns:SOAP-ENV="
> http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header
> >
> > <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="
> http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/></SOAP-ENV:Header><SOAP-ENV:Body><sayHello
> xmlns=" http://services/helloworld"><value>Hello
> world!</value></sayHello></SOAP-ENV:Body></SOAP-ENV:Envelope>
> > java.lang.NullPointerException
> > at
> com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineGetCertificateChain
> (DashoA6275)
> > at
> java.security.KeyStore.getCertificateChain(KeyStore.java:312)
> > at
> org.apache.ws.security.components.crypto.AbstractCrypto.getCertificates(AbstractCrypto.java:407)
> > at org.apache.ws.security.message.WSSecSignature.prepare
> (WSSecSignature.java:272)
> > at
> org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:643)
> > at tests.TestX509Signature.main(TestX509Signature.java:108)
> > Exception in thread "main"
> >
> >
> > I am using the WSS4J 1.5, Sun JDK1.4.2.
> > From google, I know that the message "unknown attr1.3.6.1.4.1.311.17.1"
> can be just ignored.
> > It seems that the NullPointerException is due to the empty cert chain. But
> there should be at least one cert in the chain, right?
> >
> > Could anyone suggest what I can do? Those who has managed to do signature
> using the sample crypto.propertie, could you help? Thank you.
> >
> >
> > Regards,
> > Xinjun
>
>
--
www.ruchith.org
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Using WSSecSignature
Posted by Xinjun Chen <xj...@gmail.com>.
Hi
I got the following new exception when I switch to JDK1.5. I have already
include bouncycastle in the classpath.
I feel it is some common error. Could you enlighten me on it? Do I missed
some step? I am using the sample crypto.properties provided by WSS4J.
java.io.IOException: failed to decrypt safe contents entry:
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(
PKCS12KeyStore.java:1275)
at java.security.KeyStore.load(KeyStore.java:1150)
at org.apache.ws.security.components.crypto.AbstractCrypto.load(
AbstractCrypto.java:525)
at org.apache.ws.security.components.crypto.AbstractCrypto.<init>(
AbstractCrypto.java:121)
at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:62)
Caused by: javax.crypto.BadPaddingException: Given final block not properly
padded
at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
at com.sun.crypto.provider.SunJCE_ab.b(DashoA12275)
at
com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineDoFinal
(DashoA12275)
at javax.crypto.Cipher.doFinal(DashoA12275)
at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(
PKCS12KeyStore.java:1272)
On 11/9/06, Xinjun Chen <xj...@gmail.com> wrote:
>
> Hi,
>
> I am trying to use WSS4J as API to do signature for a SOAPEnvelope. More
> specifically, I am using WSSecSignature with the following sample crypto
> provided by WSS4J to do the testing.
>
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
> org.apache.ws.security.crypto.merlin.keystore.password=security
>
> org.apache.ws.security.crypto.merlin.keystore.alias=16c73ab6-b892-458f-abf5-2f875f74882e
> org.apache.ws.security.crypto.merlin.alias.password=security
> org.apache.ws.security.crypto.merlin.file=keys/x509.PFX.MSFT
>
> However, I received the following exception:
>
> unknown attr1.3.6.1.4.1.311.17.1
> Doc after insert security header: <?xml version="1.0" encoding="UTF-8"?>
> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header<http://www.w3.org/2001/XMLSchema-instance%22%3E%3CSOAP-ENV:Header>>
> <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/></SOAP-ENV:Header><SOAP-ENV:Body><sayHello<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd%22/%3E%3C/SOAP-ENV:Header%3E%3CSOAP-ENV:Body%3E%3CsayHello>xmlns="http://services/helloworld"><value>Hello<http://services/helloworld%22%3E%3Cvalue%3EHello>world!</value></sayHello></SOAP-ENV:Body></SOAP-ENV:Envelope>
> *java.lang.NullPointerException
> at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineGetCertificateChain(DashoA6275)
> at java.security.KeyStore.getCertificateChain(KeyStore.java:312)
> * at
> org.apache.ws.security.components.crypto.AbstractCrypto.getCertificates(
> AbstractCrypto.java:407)
> at org.apache.ws.security.message.WSSecSignature.prepare (*
> WSSecSignature.java:272*)
> at org.apache.ws.security.message.WSSecSignature.build(
> WSSecSignature.java:643)
> at tests.TestX509Signature.main(TestX509Signature.java:108)
> Exception in thread "main"
>
>
> I am using the WSS4J 1.5, Sun JDK1.4.2.
> From google, I know that the message "unknown attr1.3.6.1.4.1.311.17.1"
> can be just ignored.
> It seems that the NullPointerException is due to the empty cert chain. But
> there should be at least one cert in the chain, right?
>
> Could anyone suggest what I can do? Those who has managed to do signature
> using the sample crypto.propertie, could you help? Thank you.
>
>
> Regards,
> Xinjun
>
Re: Using WSSecSignature
Posted by Xinjun Chen <xj...@gmail.com>.
Hi
I got the following new exception when I switch to JDK1.5. I have already
include bouncycastle in the classpath.
I feel it is some common error. Could you enlighten me on it? Do I missed
some step? I am using the sample crypto.properties provided by WSS4J.
java.io.IOException: failed to decrypt safe contents entry:
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(
PKCS12KeyStore.java:1275)
at java.security.KeyStore.load(KeyStore.java:1150)
at org.apache.ws.security.components.crypto.AbstractCrypto.load(
AbstractCrypto.java:525)
at org.apache.ws.security.components.crypto.AbstractCrypto.<init>(
AbstractCrypto.java:121)
at org.apache.ws.security.components.crypto.Merlin.<init>(Merlin.java:62)
Caused by: javax.crypto.BadPaddingException: Given final block not properly
padded
at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
at com.sun.crypto.provider.SunJCE_ab.b(DashoA12275)
at
com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineDoFinal
(DashoA12275)
at javax.crypto.Cipher.doFinal(DashoA12275)
at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineLoad(
PKCS12KeyStore.java:1272)
On 11/9/06, Xinjun Chen <xj...@gmail.com> wrote:
>
> Hi,
>
> I am trying to use WSS4J as API to do signature for a SOAPEnvelope. More
> specifically, I am using WSSecSignature with the following sample crypto
> provided by WSS4J to do the testing.
>
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
> org.apache.ws.security.crypto.merlin.keystore.password=security
>
> org.apache.ws.security.crypto.merlin.keystore.alias=16c73ab6-b892-458f-abf5-2f875f74882e
> org.apache.ws.security.crypto.merlin.alias.password=security
> org.apache.ws.security.crypto.merlin.file=keys/x509.PFX.MSFT
>
> However, I received the following exception:
>
> unknown attr1.3.6.1.4.1.311.17.1
> Doc after insert security header: <?xml version="1.0" encoding="UTF-8"?>
> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header<http://www.w3.org/2001/XMLSchema-instance%22%3E%3CSOAP-ENV:Header>>
> <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/></SOAP-ENV:Header><SOAP-ENV:Body><sayHello<http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd%22/%3E%3C/SOAP-ENV:Header%3E%3CSOAP-ENV:Body%3E%3CsayHello>xmlns="http://services/helloworld"><value>Hello<http://services/helloworld%22%3E%3Cvalue%3EHello>world!</value></sayHello></SOAP-ENV:Body></SOAP-ENV:Envelope>
> *java.lang.NullPointerException
> at com.sun.net.ssl.internal.ssl.PKCS12KeyStore.engineGetCertificateChain(DashoA6275)
> at java.security.KeyStore.getCertificateChain(KeyStore.java:312)
> * at
> org.apache.ws.security.components.crypto.AbstractCrypto.getCertificates(
> AbstractCrypto.java:407)
> at org.apache.ws.security.message.WSSecSignature.prepare (*
> WSSecSignature.java:272*)
> at org.apache.ws.security.message.WSSecSignature.build(
> WSSecSignature.java:643)
> at tests.TestX509Signature.main(TestX509Signature.java:108)
> Exception in thread "main"
>
>
> I am using the WSS4J 1.5, Sun JDK1.4.2.
> From google, I know that the message "unknown attr1.3.6.1.4.1.311.17.1"
> can be just ignored.
> It seems that the NullPointerException is due to the empty cert chain. But
> there should be at least one cert in the chain, right?
>
> Could anyone suggest what I can do? Those who has managed to do signature
> using the sample crypto.propertie, could you help? Thank you.
>
>
> Regards,
> Xinjun
>