cxf-users mailing list archives

From Gina Choi <ginacho...@gmail.com>
Subject Re: Difference between CXF Fediz UT_Port and UTEncrypted_Port
Date Tue, 17 Jul 2012 21:12:54 GMT
I found the problem parts and commented out those parts from
cxf-encrypted-ut.xml like below. I was able to run UTEncrypted_Port
successfully. So, I guess that WSP doesn't understand the algorithms listed
on the UTEncrypted endpoint. My question here is, if the STS endpoint needs
to support more than one encryptionAlgorithm and keyWrapAlgorithm, how do we
satisfy that? Where do I find the correct value for encryptionAlgorithm and
keyWrapAlgorithm for the UTEncrypted endpoint to uncomment the currently
commented parts?

    <!--bean id="encProperties"
          class="org.apache.cxf.sts.service.EncryptionProperties">
        <property name="encryptionAlgorithm"
                  value="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
        <property name="keyWrapAlgorithm"
                  value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
    </bean-->

    <bean id="encryptedUtSTSProperties"
          class="org.apache.cxf.sts.StaticSTSProperties">
        <property name="signaturePropertiesFile" value="stsKeystore.properties"/>
        <property name="signatureUsername" value="mystskey"/>
        <property name="callbackHandlerClass"
                  value="org.apache.cxf.fediz.service.sts.PasswordCallbackHandler"/>
        <property name="encryptionPropertiesFile" value="stsKeystore.properties"/>
        <!--property name="encryptionProperties" ref="encProperties"/-->
        <property name="issuer" value="DoubleItSTSIssuer"/>
        <property name="encryptionUsername" value="myservicekey"/>
    </bean>


On Tue, Jul 17, 2012 at 3:59 PM, Gina Choi <ginachoi88@gmail.com> wrote:

> Hi All,
>
> I have the following environment.
>
> Tomcat7.0.27. CXF 2.6.2-SNAPSHOT, WSS4J-1.6.7-SNAPSHOT, Spring3.0.7
>
> 1. Fediz STS:
>     - UT_Port and UTEncrypted_Port
>     - Imported WSP certificate to STS keystore
>
> 2. WSP : SymmetricBinding, ProtectionToken, SymmetricKey
>     - Imported STS certificate to WSP keystore
>
> 3. WSC
>
> If I use UT_Port, everything goes well. If I use UTEncrypted_Port, I am
> getting the following error messages on the WSC and WSP side. So, I decided
> to fully satisfy certificate request - STS has both WSP and WSC certs, WSP
> has both STS and WSC cert, WSC has both STS and WSP cert. But it didn't
> change anything. Could someone tell me what is the additional requirement
> for UTEncrypted_Port compared to UT_Port? This is my first time using
> UTEncrypted_Port.
>
>
> ------------------------- Start of WSC Error Message--------------------------
> Jul 17, 2012 2:54:56 PM org.apache.cxf.ws.addressing.soap.MAPCodec restoreExchange
> WARNING: Response message does not contain WS-Addressing properties.  Not correlating response.
> Jul 17, 2012 2:54:56 PM org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor handleMessage
> WARNING: Request does not contain Security header, but it's a fault.
> Jul 17, 2012 2:54:56 PM org.apache.cxf.ws.addressing.ContextUtils retrieveMAPs
> WARNING: WS-Addressing - failed to retrieve Message Addressing Properties from context
> Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: The signature or decryption was invalid
>         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)
>         at $Proxy26.doubleIt(Unknown Source)
>         at client.WSClient.doubleIt(WSClient.java:18)
>         at client.WSClient.main(WSClient.java:11)
> Caused by: org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid
>         at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
>         at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
>         at org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
>         at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:112)
>         at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
>         at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
>         at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
>         at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1693)
>         at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1529)
>         at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1437)
>         at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
>         at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:660)
>         at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
>         at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:531)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
>         at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
>         at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
>         at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
>         ... 3 more
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD FAILURE
>
> -------------------------End of WSC Error----------------------------
>
>
>
> ----------------------- Start of WSP Error -----------------------------
>
> WARNING:
> org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
>         at org.apache.ws.security.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:314)
>         at org.apache.ws.security.processor.ReferenceListProcessor.decryptDataRefEmbedded(ReferenceListProcessor.java:172)
>         at org.apache.ws.security.processor.ReferenceListProcessor.handleReferenceList(ReferenceListProcessor.java:100)
>         at org.apache.ws.security.processor.ReferenceListProcessor.handleToken(ReferenceListProcessor.java:60)
>         at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>         at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
>         at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
>         at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>         at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
>         at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
>         at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
>         at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:130)
>         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:221)
>         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:141)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
>         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:197)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
>         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
>         at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>         at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
>         at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
>         at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>         at java.lang.Thread.run(Thread.java:662)
> Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Given final block not properly padded
> Original Exception was javax.crypto.BadPaddingException: Given final block not properly padded
>         at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1766)
>         at org.apache.xml.security.encryption.XMLCipher.decryptElement(XMLCipher.java:1612)
>         at org.apache.xml.security.encryption.XMLCipher.decryptElementContent(XMLCipher.java:1650)
>         at org.apache.xml.security.encryption.XMLCipher.doFinal(XMLCipher.java:978)
>         at org.apache.ws.security.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:312)
>         ... 32 more
> Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
>         at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>         at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>         at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)
>         at javax.crypto.Cipher.doFinal(DashoA13*..)
>         at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1762)
>         ... 36 more
> Jul 17, 2012 11:56:11 AM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
> WARNING: Interceptor for {http://www.example.org/contract/DoubleIt}DoubleItService has thrown exception, unwinding now
> org.apache.cxf.binding.soap.SoapFault: The signature or decryption was invalid
>         at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.createSoapFault(WSS4JInInterceptor.java:780)
>         at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:357)
>         at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
>         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
>         at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
>         at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
>         at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
>         at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
>         at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:130)
>         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:221)
>         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:141)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
>         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:197)
>         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
>         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
>         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
>         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
>         at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
>         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>         at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999)
>         at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565)
>         at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>         at java.lang.Thread.run(Thread.java:662)
> Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid
>         at org.apache.ws.security.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:314)
>         at org.apache.ws.security.processor.ReferenceListProcessor.decryptDataRefEmbedded(ReferenceListProcessor.java:172)
>         at org.apache.ws.security.processor.ReferenceListProcessor.handleReferenceList(ReferenceListProcessor.java:100)
>         at org.apache.ws.security.processor.ReferenceListProcessor.handleToken(ReferenceListProcessor.java:60)
>         at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
>         at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
>         ... 27 more
> Caused by: org.apache.xml.security.encryption.XMLEncryptionException: Given final block not properly padded
> Original Exception was javax.crypto.BadPaddingException: Given final block not properly padded
>         at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1766)
>         at org.apache.xml.security.encryption.XMLCipher.decryptElement(XMLCipher.java:1612)
>         at org.apache.xml.security.encryption.XMLCipher.decryptElementContent(XMLCipher.java:1650)
>         at org.apache.xml.security.encryption.XMLCipher.doFinal(XMLCipher.java:978)
>         at org.apache.ws.security.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:312)
>         ... 32 more
> Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
>         at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>         at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
>         at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)
>         at javax.crypto.Cipher.doFinal(DashoA13*..)
>         at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1762)
>         ... 36 more
>
>
>
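
Added example, not part of the original message and not code from the CXF or Fediz projects: a check of the algorithms set on an STS EncryptionProperties bean against a WS-SecurityPolicy 1.2 algorithm suite. It assumes the WSP policy names one of these suites and that the STS values are meant to agree with it; the thread states neither, and the sample config is constructed from the bean shown in the message.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
# WS-SecurityPolicy 1.2 algorithm suites -> (data encryption, asymmetric key wrap)
SUITES = {
    "Basic128":      (XENC + "aes128-cbc", XENC + "rsa-oaep-mgf1p"),
    "Basic192":      (XENC + "aes192-cbc", XENC + "rsa-oaep-mgf1p"),
    "Basic256":      (XENC + "aes256-cbc", XENC + "rsa-oaep-mgf1p"),
    "Basic128Rsa15": (XENC + "aes128-cbc", XENC + "rsa-1_5"),
    "Basic256Rsa15": (XENC + "aes256-cbc", XENC + "rsa-1_5"),
}
ENC_PROPS_CLASS = "org.apache.cxf.sts.service.EncryptionProperties"

# Constructed sample modelled on the bean in the message, with the bean active.
ACTIVE = """<beans>
  <bean id="encProperties" class="org.apache.cxf.sts.service.EncryptionProperties">
    <property name="encryptionAlgorithm" value="
        http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
    <property name="keyWrapAlgorithm" value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
  </bean>
</beans>"""
# The same file with the bean commented out, as in the message.
COMMENTED = ACTIVE.replace("<bean ", "<!--bean ").replace("</bean>", "</bean-->")

def local(tag):
    # Drop any "{namespace}" prefix so Spring-namespaced files also match.
    return tag.rsplit("}", 1)[-1]

def sts_encryption_settings(spring_xml):
    """Return {bean id: {property: value}} for active EncryptionProperties beans."""
    found = {}
    for el in ET.fromstring(spring_xml).iter():
        if local(el.tag) == "bean" and el.get("class") == ENC_PROPS_CLASS:
            # strip(): values wrapped across lines carry stray whitespace
            found[el.get("id")] = {p.get("name"): (p.get("value") or "").strip()
                                   for p in el if local(p.tag) == "property"}
    return found

def mismatches(spring_xml, suite):
    """List (bean id, property, configured, expected) where config and suite differ."""
    enc, wrap = SUITES[suite]
    expected = {"encryptionAlgorithm": enc, "keyWrapAlgorithm": wrap}
    problems = []
    for bean_id, props in sts_encryption_settings(spring_xml).items():
        for name, want in expected.items():
            got = props.get(name)  # None: property unset, nothing to compare
            if got is not None and got != want:
                problems.append((bean_id, name, got, want))
    return problems
```

A commented-out bean is invisible to the parser, so the check reports no explicit settings for it.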
