ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Colm O hEigeartaigh (Closed) (JIRA)" <>
Subject [jira] [Closed] (WSS-228) Encryption with a UsernameToken is (almost) broken
Date Mon, 03 Oct 2011 09:04:40 GMT


Colm O hEigeartaigh closed WSS-228.

> Encryption with a UsernameToken is (almost) broken
> --------------------------------------------------
>                 Key: WSS-228
>                 URL:
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.5.8
>            Reporter: Evan Leonard
>            Assignee: Ruchith Udayanga Fernando
> We just upgraded from 1.5.2 to 1.5.8 and our code for encryption w/ a username token
> Basically WSSecEncrypt now requires that prepare is called before getId. Our code was
not calling prepare in this case so getId was returning "null" which obviously doesn't work.
> Adding a call to prepare would be a simple fix if it didn't take an initialized crypto
instance. In the case of using a UsernameToken there is no certificates involved, and we don't
have any easily available in this code path. So I had to come up with this ugly work around:
> WSSecEncrypt builder = new WSSecEncrypt();
> ...
> KeyStore keystore = KeyStore.getInstance("JKS");
> CustomCrypto crypto = new CustomCrypto(keystore); //custom class to allow dire
> KeyStore store = CryptoUtils.loadCaCerts(); //loads the JVM cacerts keystore.
> Enumeration<String> aliases = store.aliases();
> String anAlias = aliases.nextElement();
> crypto.setKeyStore(store);
> builder.setUserInfo(anAlias);
> builder.prepare(doc,crypto);

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message