ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (Closed) (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (WSS-228) Encryption with a UsernameToken is (almost) broken
Date Mon, 03 Oct 2011 09:04:40 GMT

     [ https://issues.apache.org/jira/browse/WSS-228?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Colm O hEigeartaigh closed WSS-228.
-----------------------------------

    
> Encryption with a UsernameToken is (almost) broken
> --------------------------------------------------
>
>                 Key: WSS-228
>                 URL: https://issues.apache.org/jira/browse/WSS-228
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.5.8
>            Reporter: Evan Leonard
>            Assignee: Ruchith Udayanga Fernando
>
> We just upgraded from 1.5.2 to 1.5.8 and our code for encryption w/ a username token
broke.
> Basically WSSecEncrypt now requires that prepare is called before getId. Our code was
not calling prepare in this case so getId was returning "null" which obviously doesn't work.
> Adding a call to prepare would be a simple fix if it didn't take an initialized crypto
instance. In the case of using a UsernameToken there is no certificates involved, and we don't
have any easily available in this code path. So I had to come up with this ugly work around:
> WSSecEncrypt builder = new WSSecEncrypt();
> ...
> KeyStore keystore = KeyStore.getInstance("JKS");
> CustomCrypto crypto = new CustomCrypto(keystore); //custom class to allow dire
> KeyStore store = CryptoUtils.loadCaCerts(); //loads the JVM cacerts keystore.
> Enumeration<String> aliases = store.aliases();
> String anAlias = aliases.nextElement();
> crypto.setKeyStore(store);
> builder.setUserInfo(anAlias);
> builder.prepare(doc,crypto);

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org


Mime
View raw message