cxf-issues mailing list archives

From "aman kohli (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-3865) Asymmetric Encryption - alias is null during decryption using private key
Date Wed, 19 Oct 2011 14:40:10 GMT

    [ https://issues.apache.org/jira/browse/CXF-3865?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13130652#comment-13130652 ]

aman kohli commented on CXF-3865:
---------------------------------

I have tried this on 2.4.3 and it still does not work, the server gives a slightly different error.

NOTE: the keystores in the tarball may not be right, but the steps to rebuild them are in the src/main/keystores/k*txt file.

Server log:
[INFO] Scanning for projects...
[INFO]                                                                         
[INFO] ------------------------------------------------------------------------
[INFO] Building stub 1.0-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO] 
[INFO] >>> exec-maven-plugin:1.2.1:java (default-cli) @ crypto-stub-problem >>>
[INFO] 
[INFO] <<< exec-maven-plugin:1.2.1:java (default-cli) @ crypto-stub-problem <<<
[INFO] 
[INFO] --- exec-maven-plugin:1.2.1:java (default-cli) @ crypto-stub-problem ---
19-Oct-2011 15:36:15 org.apache.cxf.service.factory.ReflectionServiceFactoryBean buildServiceFromClass
INFO: Creating Service {http://collection.blah.com/}CollectionImplService from class com.blah.collection.CollectionService
19-Oct-2011 15:36:15 org.apache.cxf.endpoint.ServerImpl initDestination
INFO: Setting the server's publish address to be http://localhost:9198/WS/services/Collection
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
Server ready...
19-Oct-2011 15:36:19 org.apache.cxf.interceptor.AbstractLoggingInterceptor log
INFO: Inbound Message
----------------------------
ID: 1
Address: http://localhost:9198/WS/services/Collection/?wsdl
Http-Method: GET
Content-Type: text/xml
Headers: {Accept=[*/*], Cache-Control=[no-cache], connection=[keep-alive], content-type=[text/xml], Host=[localhost:9198], Pragma=[no-cache], User-Agent=[Apache CXF 2.4.3]}
--------------------------------------
19-Oct-2011 15:36:20 org.apache.cxf.interceptor.AbstractLoggingInterceptor log
INFO: Inbound Message
----------------------------
ID: 2
Address: http://localhost:9198/WS/services/Collection/
Encoding: UTF-8
Http-Method: POST
Content-Type: text/xml; charset=UTF-8
Headers: {Accept=[*/*], Cache-Control=[no-cache], connection=[keep-alive], Content-Length=[2202], content-type=[text/xml; charset=UTF-8], Host=[localhost:9198], Pragma=[no-cache], SOAPAction=[""], User-Agent=[Apache CXF 2.4.3]}
Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
soap:mustUnderstand="1"><xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
Id="EK-FD96307AA9D5C3B7EB13190349805011"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference><ds:X509Data><ds:X509IssuerSerial><ds:X509IssuerName>CN=umpd</ds:X509IssuerName><ds:X509SerialNumber>1319034400</ds:X509SerialNumber></ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>MzkrKke0mtMf/PFM7HafgX1qrIULWSjzaPRTrxRrUqumUf0vvhsAulIlbYQyGp9t9MGy3+8BIPyv4UNgulgJp2HLGxp0bXZL8c3e/dNfFN10ASmqZIqkBvmgiZCRZcX10Ij9WKIs4o2/KXSUcssiWXivOhqDtywAH+GzUN2TECc=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference
URI="#ED-1"/></xenc:ReferenceList></xenc:EncryptedKey></wsse:Security></soap:Header><soap:Body><xenc:EncryptedData
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="ED-1" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey"><wsse:Reference
URI="#EK-FD96307AA9D5C3B7EB13190349805011"/></wsse:SecurityTokenReference></ds:KeyInfo><xenc:CipherData><xenc:CipherValue>YnEeXUGjJ6qppL9/Sv3cbgjGLAUdcv5/ueuhVbDc8Idw4iyrEU1nZmo/j7UN0CbV2gxB1GJDol5JLyghGLYjPr6GCpshL9V9CfGv19CpzQqZjruoZTv9WCsDPPKQ2w+ONj9z5eS23tSfCoyi2qZHfcpXQFH/V82WNK7ujybCdBt0+hoPgVQUzdbEt6pro0KiTBvhw2xFOTfjnULapVs8Q3Uwa+kDOHfcJ9GkxvGTZHk=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope>
--------------------------------------
19-Oct-2011 15:36:21 org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
WARNING: 
org.apache.ws.security.WSSecurityException: General security error (No certificates were found for decryption (KeyId))
	at org.apache.ws.security.processor.EncryptedKeyProcessor.getCertificatesFromEncryptedKey(EncryptedKeyProcessor.java:241)
	at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:99)
	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:249)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:85)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
	at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:319)
	at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:287)
	at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:939)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:875)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:247)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)
	at org.eclipse.jetty.server.Server.handle(Server.java:346)
	at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:589)
	at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:1065)
	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:823)
	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:220)
	at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:535)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:529)
	at java.lang.Thread.run(Thread.java:619)
19-Oct-2011 15:36:21 org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://collection.blah.com/}CollectionImplService has thrown exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: General security error (No certificates were found for decryption (KeyId))
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:643)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:308)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:85)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263)
	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
	at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:319)
	at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:287)
	at org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:939)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:875)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:247)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)
	at org.eclipse.jetty.server.Server.handle(Server.java:346)
	at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:589)
	at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:1065)
	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:823)
	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:220)
	at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:535)
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:529)
	at java.lang.Thread.run(Thread.java:619)
Caused by: org.apache.ws.security.WSSecurityException: General security error (No certificates were found for decryption (KeyId))
	at org.apache.ws.security.processor.EncryptedKeyProcessor.getCertificatesFromEncryptedKey(EncryptedKeyProcessor.java:241)
	at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:99)
	at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
	at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:249)
	... 21 more

                
> Asymmetric Encryption - alias is null during decryption using private key
> -------------------------------------------------------------------------
>
>                 Key: CXF-3865
>                 URL: https://issues.apache.org/jira/browse/CXF-3865
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.2.10
>         Environment: actually 2.2.3 is the version
> running on mac osx lion and windows xp; java 1.6
>            Reporter: aman kohli
>         Attachments: cxf-wss4j-asym-crypto-soap.tgz
>
>
> As raised on mailing list, Colm suggested I upload the test case here.  This is the description from the mailing list http://mail-archives.apache.org/mod_mbox/ws-users/201110.mbox/%3CCF458CB8-746A-4D98-A89F-9AD647AEE2D1@yahoo.com%3E

> Running into a problem on the server implementation (a cxf soap server) of asymmetric encryption.
>  The intention is the soap body is to be encrypted with the server's public key. The client
> (also using cxf) seems to be encrypting the message body ok.
> On receipt of the message, the server implementation raises an exception, with the reason
> the alias is null.  Here's the stack:
> org.apache.ws.security.WSSecurityException: The signature or decryption was invalid; nested exception is: 
>        java.lang.Exception: alias is null
>        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:330)
>        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:104)
>        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:84)
>        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
>        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
>        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:198)
>        at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:77)
>        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:236)
>        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:104)
>        at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:302)
> ...
>   Caused by: java.lang.Exception: alias is null
>        at org.apache.ws.security.components.crypto.CryptoBase.getPrivateKey(CryptoBase.java:207)
>        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:328)
>        ... 22 more
> I added some println statements to the password callback on the server side to print out the type and id:
> 	*** password callback type 1 class org.apache.ws.security.WSPasswordCallback
> 	*** password callback id null
> The API is used to configure CXF and WSS4j and not the xml configuration. The messages are
> not being signed, nor are timestamps being used, just encryption/decryption, ep is the endpointimpl:
>         Map<String,Object> inProps1 = new HashMap<String,Object>();
>         inProps1.put(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT);
>         inProps1.put(WSHandlerConstants.PW_CALLBACK_CLASS, PasswordCallbackHandler.class.getName());
>         inProps1.put(WSHandlerConstants.DEC_PROP_FILE, "server-security.properties");
>         inProps1.put(WSHandlerConstants.USER, "clientkey");
>         ep.getServer().getEndpoint().getInInterceptors().add(new WSS4JInInterceptor(inProps1));
> And the properties file is:
> 	org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> 	org.apache.ws.security.crypto.merlin.keystore.type=jks
> 	org.apache.ws.security.crypto.merlin.keystore.password=storepass
> 	org.apache.ws.security.crypto.merlin.keystore.alias=clientkey
> 	org.apache.ws.security.crypto.merlin.keystore.file=src/main/keystores/server-encypt.jks
> The server cert is self signed: 
> 	$ keytool -genkey -alias umpservice -keyalg RSA -sigalg SHA1withRSA -keypass ump-pass -storepass dummy-service -keystore server-encypt.jks -dname cn=localhost
> 	$ keytool -genkey -alias clientkey -keyalg RSA -sigalg SHA1withRSA -keypass client-pass -storepass dummy-service -keystore ump-stub-keystore.jks -dname cn=umpd
> and the certificate was exported using the following:
> 	$ keytool -export -rfc -keystore ump-stub-keystore.jks -storepass dummy-service -keypass client-pass -alias clientkey -file client-cert.cer
> This is the WSDL extract:
>   <wsp:Policy wsu:Id="AsymEncryption" 
> 	      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> 	      xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>     <wsp:ExactlyOne>
>       <wsp:All>
>         <sp:AsymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>           <wsp:Policy>
>             <sp:InitiatorToken>
>               <wsp:Policy>
>                 <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>                   <wsp:Policy>
>                   <!-- <sp:RequireThumbprintReference/> -->
>                   </wsp:Policy>
>                 </sp:X509Token>
>               </wsp:Policy>
>             </sp:InitiatorToken>
>             <sp:RecipientToken>
>               <wsp:Policy>
>                 <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>                   <wsp:Policy>
>                     <!-- <sp:RequireThumbprintReference/> -->
>                   </wsp:Policy>
>                 </sp:X509Token>
>               </wsp:Policy>
>             </sp:RecipientToken>
>             <sp:AlgorithmSuite>
>               <wsp:Policy>
>                 <sp:TripleDesRsa15/>
>               </wsp:Policy>
>             </sp:AlgorithmSuite>
>             <sp:Layout>
>               <wsp:Policy>
>                 <sp:Strict/>
>               </wsp:Policy>
>             </sp:Layout>
> <!--            <sp:IncludeTimestamp/>
>             <sp:OnlySignEntireHeadersAndBody/>
> -->
>           </wsp:Policy>
>         </sp:AsymmetricBinding>
>         <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>           <sp:Body/>
>         </sp:EncryptedParts>
>       </wsp:All>
>     </wsp:ExactlyOne>
>   </wsp:Policy>
> ...
>   <wsdl:binding name="CollectionImplServiceSoapBinding" type="tns:CollectionService">
>       <wsp:PolicyReference xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>                            URI="#AsymEncryption"/>
> And this is the incoming message:
> <output>
> 	INFO: Inbound Message
> 	----------------------------
> 	ID: 1
> 	Address: /FooWS/services/Collection/
> 	Encoding: UTF-8
> 	Content-Type: text/xml; charset=UTF-8
> 	Headers: {content-type=[text/xml; charset=UTF-8], connection=[keep-alive], Host=[localhost:9198],
> Content-Length=[2549], SOAPAction=[""], User-Agent=[Apache CXF 2.2.3], Content-Type=[text/xml;
> charset=U
> TF-8], Accept=[*/*], Pragma=[no-cache], Cache-Control=[no-cache]}
> 	Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><soap:Header><wsse:Security
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/
> 01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1"><xenc:EncryptedKey
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncKeyId-A77755F726FB2C832813189733820252"><xenc:EncryptionMe
> thod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ds:X509Data>
> <ds:X509IssuerSerial>
> <ds:X509IssuerName>CN=umpd</ds:X509IssuerName>
> <ds:X509SerialNumber>1316785867</ds:X509SerialNumber>
> </ds:X509IssuerSerial>
> </ds:X509Data></wsse:SecurityTokenReference>
> </ds:KeyInfo><xenc:CipherData><xenc:CipherValue>FlnDsQHOdVw0AOZualC9D6HvNIl7Hr2zXqf6YTZV5c28QzhwsJnZHLrL49dVPeq0TGT5QeRylc5lSfkUnWqwLoRs/N7yspkktxshhz7CTu3zzqbo3f82nSAr6d7nLXaI+dsIlDAkmngV/4uOJk1TqavjZl
> +7XW5XtxGHihzs5Zw=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference
> URI="#EncDataId-1" /></xenc:ReferenceList></xenc:EncryptedKey></wsse:Security></soap:Header><soap:Body><xen
> c:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="EncDataId-1" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-
> cbc" /><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-20040
> 1-wss-wssecurity-secext-1.0.xsd" URI="#EncKeyId-A77755F726FB2C832813189733820252" /></wsse:SecurityTokenReference>
> </ds:KeyInfo><xenc:CipherData><xenc:CipherValue>Gbc/CYA8k1XJhCRYO8lA7rdxoUB6X4n7ZxfFSpxg437HUUjlaIImZ9vbX+UxxOuDKgEyN8TayBQR
> WIl+7npAm1BkzB88XJLf3EoVQI3eJhctspIuUgj/VIoHh090fCdw3bZGPSikqXlNPzPn5BsJKa/F
> 7Q4MIXjgS7G7L4tBesgsNJEcBx7ftp6Slxw+iTSvudYcMQ5ZcQcl0a4o2NbohFUIc1HJhg4daq0c
> LwvKit9owEQyMNkVXJV/vj6swU+gx9ltbFJJ4uqnx5zCA2obxOZzk61v+VX9ctotdP3/xLr/WHtz
> dRPsTsM34zguG6vwRq+f1czBKtlkbaN4CxTZDvPkLgFSXX286ki452UWBIzqxaynCAL6tY1qgMYi
> tDbQveW+suDbu4cwN4WtUUJdWmqGAOJOeXTXsmCqEcipN/eqod75QVbqzBrTBjpywNdhdxE2aBU/
> wfXa1HMwhoKw9+Ul3st6I1tpuVbi+wK7amqGIwCo8URtdJEBzbu90g1uWfSgb/iIlrIyCk6vSIlB
> XbLD3VZCx0nlqfaG5GZOaqz1mAxCAfnrYg5y9eGkxIMk</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soap:Body></soap:Envelope>
> </output>
> On the client side, the WSS4j is set up as:
>         Map<String,Object> outProps1 = new HashMap<String,Object>();
>         outProps1.put(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT);
>         outProps1.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientCallbackHandler.class.getName());
>         outProps1.put(WSHandlerConstants.ENC_PROP_FILE, "client-crypto.properties");
>         outProps1.put(WSHandlerConstants.ENCRYPTION_USER, "servicekey");
>         cxfEndpoint.getOutInterceptors().add(new WSS4JOutInterceptor(outProps1));
>
> and the properties file is:
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.alias=servicekey
> org.apache.ws.security.crypto.merlin.keystore.password=clientpass
> org.apache.ws.security.crypto.merlin.file=src/main/keystores/client-store.jks
> and the cert was imported using the command:
> 	$ keytool -import -trustcacerts -keystore client-store.jks -storepass clientpass -alias servicekey -file client-cert.cer
> Not sure what is going wrong, but there are a lot of steps, so maybe this is a simple error
> on my part.
> The CXF version is 2.2.3. If I need to redirect this to the cxf-users list, please let me
> know.  

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
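
In the 2.4.3 server log above, the EncryptedKey names its recipient certificate by X509IssuerSerial (CN=umpd, serial 1319034400) and WSS4J reports that no certificate was found for decryption. One way to check whether a given keystore holds a private-key entry for the certificate a message names is sketched below; this is an added example, not code from the reporter or from CXF/WSS4J, the class name `EncryptedKeyRecipientCheck` is hypothetical, and the embedded XML fragment is reduced from the logged payload.

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.security.auth.x500.X500Principal;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

// Hypothetical helper: reports which keystore alias, if any, can decrypt an EncryptedKey.
public class EncryptedKeyRecipientCheck {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";

    // Identifying part of the EncryptedKey's KeyInfo, reduced from the logged payload.
    static final String KEY_INFO =
        "<ds:X509IssuerSerial xmlns:ds=\"" + DS + "\">"
      + "<ds:X509IssuerName>CN=umpd</ds:X509IssuerName>"
      + "<ds:X509SerialNumber>1319034400</ds:X509SerialNumber>"
      + "</ds:X509IssuerSerial>";

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: EncryptedKeyRecipientCheck <keystore.jks> <storepass>");
            System.exit(2);
        }
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // No DTDs are needed here, so refuse them outright.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(KEY_INFO.getBytes(StandardCharsets.UTF_8)));
        X500Principal issuer = new X500Principal(text(doc, "X509IssuerName"));
        BigInteger serial = new BigInteger(text(doc, "X509SerialNumber"));

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        String match = null;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            boolean same = x.getIssuerX500Principal().equals(issuer)
                        && x.getSerialNumber().equals(serial);
            System.out.printf("%-12s %-10s issuer=%s serial=%s%s%n", alias,
                ks.isKeyEntry(alias) ? "private" : "cert-only",
                x.getIssuerX500Principal().getName(), x.getSerialNumber(),
                same ? "  <-- named by EncryptedKey" : "");
            // Decryption needs the private key, so a cert-only match is not enough.
            if (same && ks.isKeyEntry(alias)) match = alias;
        }
        System.out.println(match != null
            ? "Private key for the named certificate is under alias: " + match
            : "No private-key entry matches the IssuerSerial in the message.");
        System.exit(match != null ? 0 : 1);
    }

    // Text content of the first element with this local name in the ds namespace.
    static String text(Document d, String local) {
        return d.getElementsByTagNameNS(DS, local).item(0).getTextContent().trim();
    }
}
```

Run it against each keystore built by the keytool steps in the quoted description (for example `server-encypt.jks` with its store password) to see which one, if any, holds the private key for the certificate the client encrypted to.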

       
