ws-wss4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Laurence Brockman <laurence.brock...@sjrb.ca>
Subject RE: WSS4J and Kerberos signatures
Date Tue, 15 Nov 2005 21:18:04 GMT
Ok, I've done all that and it is processing more tests then before,
however, it is still failing with the following (Again, I am using
jdk1.5 and have added the provider to java.security as well as
downloading the unlimited strength crypto stuff from sun).

Any ideas would be awesome!

org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data;
nested exception is: 
	org.apache.xml.security.encryption.XMLEncryptionException: pad
block corrupted
Original Exception was javax.crypto.BadPaddingException: pad block
corrupted
	at
org.apache.ws.security.processor.EncryptedKeyProcessor.decryptDataRef(En
cryptedKeyProcessor.java:388)
	at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKe
y(EncryptedKeyProcessor.java:313)
	at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKe
y(EncryptedKeyProcessor.java:81)
	at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(Encry
ptedKeyProcessor.java:75)
	at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurity
Engine.java:252)
	at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurity
Engine.java:179)
	at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurity
Engine.java:132)
	at wssec.TestWSSecurity2.verify(TestWSSecurity2.java:234)
	at
wssec.TestWSSecurity2.testEncryptionDecryptionRSA15(TestWSSecurity2.java
:162)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
a:39)
	at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
Impl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:585)
	at junit.framework.TestCase.runTest(TestCase.java:154)
	at junit.framework.TestCase.runBare(TestCase.java:127)
	at junit.framework.TestResult$1.protect(TestResult.java:106)
	at junit.framework.TestResult.runProtected(TestResult.java:124)
	at junit.framework.TestResult.run(TestResult.java:109)
	at junit.framework.TestCase.run(TestCase.java:118)
	at junit.framework.TestSuite.runTest(TestSuite.java:208)
	at junit.framework.TestSuite.run(TestSuite.java:203)
	at junit.framework.TestSuite.runTest(TestSuite.java:208)
	at junit.framework.TestSuite.run(TestSuite.java:203)
	at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTe
stRunner.java:478)
	at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRun
ner.java:344)
	at
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRu
nner.java:196)
Caused by: org.apache.xml.security.encryption.XMLEncryptionException:
pad block corrupted
Original Exception was javax.crypto.BadPaddingException: pad block
corrupted
	at
org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(Unknown
Source)
	at
org.apache.xml.security.encryption.XMLCipher.decryptElement(Unknown
Source)
	at
org.apache.xml.security.encryption.XMLCipher.decryptElementContent(Unkno
wn Source)
	at org.apache.xml.security.encryption.XMLCipher.doFinal(Unknown
Source)
	at
org.apache.ws.security.processor.EncryptedKeyProcessor.decryptDataRef(En
cryptedKeyProcessor.java:386)
	... 25 more


-----Original Message-----
From: Davanum Srinivas [mailto:davanum@gmail.com] 
Sent: November 15, 2005 1:47 PM
To: Laurence Brockman; wss4j-dev@ws.apache.org
Subject: Re: WSS4J and Kerberos signatures

http://www.bouncycastle.org/documentation.html
http://www.bouncycastle.org/specifications.html#install

scroll down a bit on the second link and look for java.security

-- dims

PS: Please post directly to the list. So that others may answer as well
:)

On 11/15/05, Laurence Brockman <laurence.brockman@sjrb.ca> wrote:
> Thanks for such a quick reply! I think the problem is that I am using
> jdk1.5... Does the bouncycastle.org site have information about
> installing the bouncycastle provider or is there any other sites I can
> get documentation about this?
>
> Thanks again!
> Laurence
>
> -----Original Message-----
> From: Davanum Srinivas [mailto:davanum@gmail.com]
> Sent: November 15, 2005 1:40 PM
> To: Laurence Brockman; wss4j-dev@ws.apache.org
> Subject: Re: WSS4J and Kerberos signatures
>
> All the code needed is in the svn itself. you should not need any
> additional jars. just get the stuff from SVN. make sure you have the
> strong crypto stuff installed in your JDK (check the download site for
> the jdk and it is available as a separate download) and then run "ant
> test". Are u using JDK1.4? (better to use that version, there is
> additional steps for jdk1.5 - namely installing the boucnycastle
> provider)
>
> NOTE: don't use the maven build :)
>
> thanks,
> dims
>
> On 11/15/05, Laurence Brockman <laurence.brockman@sjrb.ca> wrote:
> > Sounds good.
> >
> > Quick question... I've checked out the latest source from SVN and
I'm
> > trying to run the Ant JUnit tests and they keep failing. When I run
> the
> > JUnit tests through eclipse directly they are throwing a connection
> > denied exception. I have installed Axis 1.2.1 here but I have not
> > deployed any test web services so even if I start that up they still
> > fail with service not found exceptions. Is there a way to easily
> either
> > test this stuff without deploying the test web services or to bypass
> > these tests? I've also installed maven and tried to compile that
way,
> > but it is failing as well.
> >
> > I also noticed in the project.xml file that you have excluded the
> > wssec/PackageTests.java and the interop/PackageTests.java. Is that
> > because of the above mentioned errors?
> >
> > After looking through the source code, I believe what I would want
to
> do
> > would be to create Kerberos token processor and action classes and
add
> a
> > case into both getAction and getProcessor to point to these new
> classes.
> >
> > Sorry for the barrage of questions.
> >
> > Thanks,
> > Laurence
> >
> > -----Original Message-----
> > From: Davanum Srinivas [mailto:davanum@gmail.com]
> > Sent: November 14, 2005 3:02 PM
> > To: Laurence Brockman
> > Cc: wss4j-dev@ws.apache.org
> > Subject: Re: WSS4J and Kerberos signatures
> >
> > Please see what is being done for SAML and use that as a template
for
> > Kerberos.
> >
> > thanks,
> > dims
> >
> > On 11/14/05, Laurence Brockman <laurence.brockman@sjrb.ca> wrote:
> > > Correct me if I'm wrong here, but this is what I'm thinking:
> > >
> > > After grabbing the source from SVN and looking at the
documentation,
> I
> > > believe the right place for me to start would be to extend the
> > > org.apache.ws.axis.security class to handle the Kerberos
> requirements
> > > specified in the OASIS document.
> > >
> > > Forgive me for so many questions, but I'm new to Axis/WSS4J and I
> want
> > > to make sure that I'm heading down the right path.
> > >
> > > Specifically, what we are looking to implement is just the
> > > authentication portion of Kerberos and not the encryption portion
> (We
> > > want to authenticate incoming SOAP requests against a KDC). Down
the
> > > road we will likely look at the encryption portion, but that won't
> > > likely be for a few months at least.
> > >
> > > Thanks again!!
> > > Laurence
> > >
> > > -----Original Message-----
> > > From: Davanum Srinivas [mailto:davanum@gmail.com]
> > > Sent: November 11, 2005 8:18 PM
> > > To: Laurence Brockman
> > > Cc: wss4j-dev@ws.apache.org
> > > Subject: Re: WSS4J and Kerberos signatures
> > >
> > > Laurence,
> > >
> > > I believe you start with taking a look at the Kerberos Token
Profile
> > > at the OASIS WSS TC web site:
> > >
> > > http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss
> > >
> > > There's lots of refactoring in the latest SVN, which makes it easy
> to
> > > plugin a new token profile. So please get the latest SVN code and
> > > start asking more questions :)
> > >
> > > thanks,
> > > dims
> > >
> > > On 11/10/05, Laurence Brockman <laurence.brockman@sjrb.ca> wrote:
> > > >
> > > >
> > > >
> > > > Hello,
> > > >
> > > >
> > > >
> > > > Sorry if this is a FAQ but I have been looking for answers to
this
> > > high and
> > > > low and have not seen this on the list.
> > > >
> > > >
> > > >
> > > > We are going to try and use Kerberos to authenticate users on
our
> > SOAP
> > > > server. What we envision is having the client send down the SOAP
> > > request
> > > > with a service ticket from a KDC. The server (Axis using WSS4J
on
> > > Tomcat)
> > > > would then authenticate this user against said KDC. After
briefly
> > > looking at
> > > > the documentation within the WSS4J code I think what we would
want
> > to
> > > do is
> > > > extend the WSDoAllHandler class (From the
> > > > org.apache.axis.security.handler package). Is this the
> > > > right direction to be going in? Has anybody looked at this? I'm
> > > relatively
> > > > new to Axis/WSS4J and some guidance would be awesome!
> > > >
> > > >
> > > >
> > > > Thanks,
> > > >
> > > > Laurence
> > > >
> > > >
> > > >
> > > > Laurence Brockman
> > > >  Server Specialist, Shaw Operations Centre
> > > >  Shaw Communications Inc.
> > > >  Phone : (403) 303-4805
> > > >  E-mail : laurence.brockman@sjrb.ca
> > > >
> > > >
> > > >
> > > > ACCOUNTABLE    BALANCE    CUSTOMER FOCUSED    INTEGRITY
LOYALTY
> > > > POSITIVE, CAN DO ATTITUDE    TEAM PLAYER
> > > >
> > > >
> > >
> > >
> > > --
> > > Davanum Srinivas : http://wso2.com/blogs/
> > >
> > >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> > > For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> > >
> > >
> >
> >
> > --
> > Davanum Srinivas : http://wso2.com/blogs/
> >
>
>
> --
> Davanum Srinivas : http://wso2.com/blogs/
>


--
Davanum Srinivas : http://wso2.com/blogs/

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org


Mime
View raw message