ws-fx-dev mailing list archives

From Dittmann Werner <werner.dittm...@siemens.com>
Subject Re: encryption not asking for the right private key
Date Thu, 02 Jun 2005 07:30:33 GMT
Nate,

both the Client and the Server use the Merlin calls to access
the keystore and to deal with certificates.

If you do Signature then the client needs _its_ private
key to sign, the server needs the client's public key
to verify.

If you encrypt then the client uses the _server's
public_ key to encrypt the symmetric session key, the
server uses _its_ private key to decrypt the session
key. Thus, the case you are describing is probably
a problem in the deployment - if you use Encryption
then you must use the server's certificate to do so
(the certificate contains the public key). To me it
seems that you specified the client's certificate to do
encryption.

Regards,
Werner

> -----Original Message-----
> From: Nathaniel A. Johnson [mailto:natjohns@indiana.edu] 
> Sent: Wednesday, 1 June 2005 16:54
> To: fx-dev@ws.apache.org
> Subject: encryption not asking for the right private key
> 
> 
> hi all,
> 
> i just posted this over on the axis list, but realized it's probably
> better suited for the wss4j dev list... sorry for the cross post for
> those of you that are on both lists...
> 
> i have been stepping through the axis and wss4j code and am at a loss.
> here is the code it is getting to (inside Merlin.java):
> 
> public PrivateKey getPrivateKey(String alias, String password)
>     throws Exception {
>   if (alias == null) {
>     throw new Exception("alias is null");
>   }
>   boolean b = keystore.isKeyEntry(alias);
>   if (!b) {
>     log.error("Cannot find key for alias: " + alias);
>     throw new Exception("Cannot find key for alias: " + alias);
>   }
>   Key keyTmp = keystore.getKey(alias, password.toCharArray());
>   if (!(keyTmp instanceof PrivateKey)) {
>     throw new Exception("Key is not a private key, alias: " + alias);
>   }
>   return (PrivateKey) keyTmp;
> }
> 
> this is when the client calls to the service.  the client is sending an
> encrypted/signed message.  what's happening is the server (web service)
> is trying to get the private key for the client.  that just doesn't make
> sense.  the server will not have a keyEntry (private key) for the
> client, just public keys.
> 
> does anyone have any idea where i might be going wrong?  i have been
> looking at this problem for over a week now, so maybe i am just missing
> something?  i feel like i am going crazy.
> 
> thanks
> nate
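The key roles Werner describes (client signs with its own private key and encrypts the session key to the server's public key; server decrypts with its own private key and verifies with the client's public key) can be checked outside of WSS4J with plain JCA. The following is an added example written for this archive page, not WSS4J or Merlin code. It assumes two in-memory RSA key pairs in place of keystore entries, uses PublicKey objects where WSS4J would use X.509 certificates, and uses AES-GCM plus RSA-OAEP rather than the XML Encryption algorithms WSS4J actually emits. The second half reproduces the misdeployment from the thread: when the client encrypts to its own certificate, only the client's private key can unwrap the session key, which is exactly the key the server does not have.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class KeyRolesDemo {

    // Constructed sample keys: they stand in for the key entries Merlin would
    // load from the client's and the server's keystores. No certificates are
    // involved here; the PublicKey objects play the role of the certificates.
    static final KeyPair CLIENT = genRsa();
    static final KeyPair SERVER = genRsa();

    static KeyPair genRsa() {
        try {
            KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
            g.initialize(2048);
            return g.generateKeyPair();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    // What goes on the wire: encrypted body, IV, wrapped session key, signature.
    static final class Message {
        final byte[] ciphertext, iv, wrappedKey, signature;
        Message(byte[] c, byte[] i, byte[] w, byte[] s) {
            ciphertext = c; iv = i; wrappedKey = w; signature = s;
        }
    }

    // Client side: sign with the CLIENT's private key, encrypt the body under a
    // fresh AES session key, wrap that session key with the key passed as
    // encryptTo (correct deployment: the SERVER's public key).
    static Message clientSend(byte[] body, PrivateKey clientPriv, PublicKey encryptTo)
            throws GeneralSecurityException {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(clientPriv);
        sig.update(body);
        byte[] signature = sig.sign();

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey session = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, session, new GCMParameterSpec(128, iv));
        byte[] ciphertext = aes.doFinal(body);

        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, encryptTo);
        byte[] wrappedKey = rsa.doFinal(session.getEncoded());
        return new Message(ciphertext, iv, wrappedKey, signature);
    }

    // Server side: unwrap the session key with ITS OWN private key, decrypt the
    // body, then verify the signature with the CLIENT's public key.
    static byte[] serverReceive(Message m, PrivateKey serverPriv, PublicKey clientPub)
            throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.DECRYPT_MODE, serverPriv);
        SecretKey session = new SecretKeySpec(rsa.doFinal(m.wrappedKey), "AES");

        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, session, new GCMParameterSpec(128, m.iv));
        byte[] body = aes.doFinal(m.ciphertext);

        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(clientPub);
        sig.update(body);
        if (!sig.verify(m.signature)) {
            throw new SignatureException("signature does not verify with client's public key");
        }
        return body;
    }

    public static void main(String[] args) throws Exception {
        byte[] body = "<soap:Body>order 42</soap:Body>".getBytes(StandardCharsets.UTF_8);

        // Correct deployment: the client encrypts to the server's certificate.
        Message ok = clientSend(body, CLIENT.getPrivate(), SERVER.getPublic());
        byte[] got = serverReceive(ok, SERVER.getPrivate(), CLIENT.getPublic());
        System.out.println("correct deployment: " + new String(got, StandardCharsets.UTF_8));

        // Misdeployment from the thread: the client was configured with its own
        // certificate for encryption, so only the CLIENT's private key can
        // unwrap the session key, and the server holds no such key entry.
        Message wrong = clientSend(body, CLIENT.getPrivate(), CLIENT.getPublic());
        try {
            serverReceive(wrong, SERVER.getPrivate(), CLIENT.getPublic());
            System.out.println("misdeployment: unexpectedly decrypted");
        } catch (GeneralSecurityException e) {
            // RSA-OAEP decryption with the wrong private key fails here
            System.out.println("misdeployment: server cannot unwrap session key ("
                    + e.getClass().getSimpleName() + ")");
        }
    }
}
```

Compile and run with `javac KeyRolesDemo.java && java KeyRolesDemo`. The first branch prints the recovered body; the second fails at the RSA unwrap step, which corresponds to the server in the thread asking Merlin for a private key it was never given. The fix on the WSS4J side is the one Werner names: point the client's encryption configuration at the server's certificate alias, not the client's own.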
