ws-wss4j-dev mailing list archives

From Laurence Brockman <laurence.brock...@sjrb.ca>
Subject RE: WSS4J and Kerberos signatures
Date Thu, 17 Nov 2005 23:08:36 GMT
All I did was install it in the extensions directory and update the java.security file appropriately.
I didn't try anything else after that. I simply started using jdk1.4 for this project for
the time being ;)

 

If you'd like me to test otherwise, please let me know.

 

Laurence

 

  _____  

From: Granqvist, Hans [mailto:hgranqvist@verisign.com] 
Sent: November 17, 2005 3:49 PM
To: Laurence Brockman; Dittmann, Werner; dims@apache.org; wss4j-dev@ws.apache.org
Subject: RE: WSS4J and Kerberos signatures

 

Laurence, okay, perhaps it makes no difference. Do you get the same error if you load the
provider unbundled (via explicit API call) as you do with it as an installed extension (using java.security)?

 

Werner, the reason I asked is that I have been bitten a few times by JCE providers that didn't
initialize properly on the classpath. I believe Sun's recommendation is to put providers inside
lib/ext, and I thought maybe Sun had optimized the loading in 1.5 and thereby broken some
implicit loading dependencies.

 

Hans

 

  _____  

From: Laurence Brockman [mailto:laurence.brockman@sjrb.ca]
Sent: Thu 11/17/2005 8:14 AM
To: Dittmann, Werner; Granqvist, Hans; dims@apache.org; wss4j-dev@ws.apache.org
Subject: RE: WSS4J and Kerberos signatures

I put it in the lib/ext directory previously when I received the error so it doesn't seem to
make a difference if it is in the CLASSPATH or in the lib/ext directory.

Thanks,
Laurence

-----Original Message-----
From: Dittmann, Werner [mailto:werner.dittmann@siemens.com]
Sent: November 17, 2005 4:50 AM
To: Granqvist, Hans; Laurence Brockman; dims@apache.org; wss4j-dev@ws.apache.org
Subject: AW: WSS4J and Kerberos signatures

Hans,

haven't checked this. Do you think this makes a
difference? The BC jar is a signed jar, and we
never had problems using it via CLASSPATH ...

Regards,
Werner

> -----Original Message-----
> From: Granqvist, Hans [mailto:hgranqvist@verisign.com]
> Sent: Wednesday, 16 November 2005 18:08
> To: Dittmann, Werner; Laurence Brockman; dims@apache.org;
> wss4j-dev@ws.apache.org
> Subject: RE: WSS4J and Kerberos signatures
>
> Do you get the same errors if the jar is in lib/ext as if
> it is on the classpath?
>
> -Hans
>
> > -----Original Message-----
> > From: Dittmann, Werner [mailto:werner.dittmann@siemens.com]
> > Sent: Tuesday, November 15, 2005 11:02 PM
> > To: Laurence Brockman; dims@apache.org; wss4j-dev@ws.apache.org
> > Subject: AW: WSS4J and Kerberos signatures
> >
> > Laurence,
> >
> > I've the same problem here with jdk1.5, running on a XP box,
> > no problems with jdk1.4 . I'm starting to investigate the
> > problem, but it seems to be buried somewhere in the crypto
> > code ... I'm not really sure what is wrong.
> >
> > Regards,
> > Werner
> >
> > > -----Original Message-----
> > > From: Laurence Brockman [mailto:laurence.brockman@sjrb.ca]
> > > Sent: Tuesday, 15 November 2005 22:18
> > > To: dims@apache.org; wss4j-dev@ws.apache.org
> > > Subject: RE: WSS4J and Kerberos signatures
> > >
> > > Ok, I've done all that and it is processing more tests than before,
> > > however, it is still failing with the following (Again, I am using
> > > jdk1.5 and have added the provider to java.security as well as
> > > downloading the unlimited strength crypto stuff from sun).
> > >
> > > Any ideas would be awesome!
> > >
> > > org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data; nested exception is:
> > >   org.apache.xml.security.encryption.XMLEncryptionException: pad block corrupted
> > > Original Exception was javax.crypto.BadPaddingException: pad block corrupted
> > >   at org.apache.ws.security.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:388)
> > >   at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:313)
> > >   at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:81)
> > >   at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:75)
> > >   at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:252)
> > >   at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:179)
> > >   at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:132)
> > >   at wssec.TestWSSecurity2.verify(TestWSSecurity2.java:234)
> > >   at wssec.TestWSSecurity2.testEncryptionDecryptionRSA15(TestWSSecurity2.java:162)
> > >   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > >   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> > >   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> > >   at java.lang.reflect.Method.invoke(Method.java:585)
> > >   at junit.framework.TestCase.runTest(TestCase.java:154)
> > >   at junit.framework.TestCase.runBare(TestCase.java:127)
> > >   at junit.framework.TestResult$1.protect(TestResult.java:106)
> > >   at junit.framework.TestResult.runProtected(TestResult.java:124)
> > >   at junit.framework.TestResult.run(TestResult.java:109)
> > >   at junit.framework.TestCase.run(TestCase.java:118)
> > >   at junit.framework.TestSuite.runTest(TestSuite.java:208)
> > >   at junit.framework.TestSuite.run(TestSuite.java:203)
> > >   at junit.framework.TestSuite.runTest(TestSuite.java:208)
> > >   at junit.framework.TestSuite.run(TestSuite.java:203)
> > >   at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:478)
> > >   at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:344)
> > >   at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:196)
> > > Caused by: org.apache.xml.security.encryption.XMLEncryptionException: pad block corrupted
> > > Original Exception was javax.crypto.BadPaddingException: pad block corrupted
> > >   at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(Unknown Source)
> > >   at org.apache.xml.security.encryption.XMLCipher.decryptElement(Unknown Source)
> > >   at org.apache.xml.security.encryption.XMLCipher.decryptElementContent(Unknown Source)
> > >   at org.apache.xml.security.encryption.XMLCipher.doFinal(Unknown Source)
> > >   at org.apache.ws.security.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:386)
> > >   ... 25 more
> > >
> > >
> > > -----Original Message-----
> > > From: Davanum Srinivas [mailto:davanum@gmail.com]
> > > Sent: November 15, 2005 1:47 PM
> > > To: Laurence Brockman; wss4j-dev@ws.apache.org
> > > Subject: Re: WSS4J and Kerberos signatures
> > >
> > > http://www.bouncycastle.org/documentation.html
> > > http://www.bouncycastle.org/specifications.html#install
> > >
> > > scroll down a bit on the second link and look for java.security
> > >
> > > -- dims
> > >
> > > PS: Please post directly to the list. So that others may answer as
> > > well :)
> > >
> > > On 11/15/05, Laurence Brockman <laurence.brockman@sjrb.ca> wrote:
> > > > Thanks for such a quick reply! I think the problem is that I am using
> > > > jdk1.5... Does the bouncycastle.org site have information about
> > > > installing the bouncycastle provider or are there any other sites I can
> > > > get documentation about this?
> > > >
> > > > Thanks again!
> > > > Laurence
> > > >
> > > > -----Original Message-----
> > > > From: Davanum Srinivas [mailto:davanum@gmail.com]
> > > > Sent: November 15, 2005 1:40 PM
> > > > To: Laurence Brockman; wss4j-dev@ws.apache.org
> > > > Subject: Re: WSS4J and Kerberos signatures
> > > >
> > > > All the code needed is in the svn itself. You should not need any
> > > > additional jars. Just get the stuff from SVN. Make sure you have the
> > > > strong crypto stuff installed in your JDK (check the download site for
> > > > the jdk and it is available as a separate download) and then run "ant
> > > > test". Are you using JDK1.4? (better to use that version, there are
> > > > additional steps for jdk1.5 - namely installing the bouncycastle
> > > > provider)
> > > >
> > > > NOTE: don't use the maven build :)
> > > >
> > > > thanks,
> > > > dims
> > > >
> > > > > On 11/15/05, Laurence Brockman <laurence.brockman@sjrb.ca> wrote:
> > > > > > Sounds good.
> > > > > >
> > > > > > Quick question... I've checked out the latest source from SVN and I'm
> > > > > > trying to run the Ant JUnit tests and they keep failing. When I run the
> > > > > > JUnit tests through eclipse directly they are throwing a connection
> > > > > > denied exception. I have installed Axis 1.2.1 here but I have not
> > > > > > deployed any test web services so even if I start that up they still
> > > > > > fail with service not found exceptions. Is there a way to easily either
> > > > > > test this stuff without deploying the test web services or to bypass
> > > > > > these tests? I've also installed maven and tried to compile that way,
> > > > > > but it is failing as well.
> > > > > >
> > > > > > I also noticed in the project.xml file that you have excluded the
> > > > > > wssec/PackageTests.java and the interop/PackageTests.java. Is that
> > > > > > because of the above mentioned errors?
> > > > > >
> > > > > > After looking through the source code, I believe what I would want to do
> > > > > > would be to create Kerberos token processor and action classes and add a
> > > > > > case into both getAction and getProcessor to point to these new classes.
> > > > >
> > > > > Sorry for the barrage of questions.
> > > > >
> > > > > Thanks,
> > > > > Laurence
> > > > >
> > > > > -----Original Message-----
> > > > > From: Davanum Srinivas [mailto:davanum@gmail.com]
> > > > > Sent: November 14, 2005 3:02 PM
> > > > > To: Laurence Brockman
> > > > > Cc: wss4j-dev@ws.apache.org
> > > > > Subject: Re: WSS4J and Kerberos signatures
> > > > >
> > > > > > Please see what is being done for SAML and use that as a template for
> > > > > > Kerberos.
> > > > >
> > > > > thanks,
> > > > > dims
> > > > >
> > > > > > On 11/14/05, Laurence Brockman <laurence.brockman@sjrb.ca> wrote:
> > > > > > > Correct me if I'm wrong here, but this is what I'm thinking:
> > > > > > >
> > > > > > > After grabbing the source from SVN and looking at the documentation, I
> > > > > > > believe the right place for me to start would be to extend the
> > > > > > > org.apache.ws.axis.security class to handle the Kerberos requirements
> > > > > > > specified in the OASIS document.
> > > > > > >
> > > > > > > Forgive me for so many questions, but I'm new to Axis/WSS4J and I want
> > > > > > > to make sure that I'm heading down the right path.
> > > > > > >
> > > > > > > Specifically, what we are looking to implement is just the
> > > > > > > authentication portion of Kerberos and not the encryption portion (We
> > > > > > > want to authenticate incoming SOAP requests against a KDC). Down the
> > > > > > > road we will likely look at the encryption portion, but that won't
> > > > > > > likely be for a few months at least.
> > > > > >
> > > > > > Thanks again!!
> > > > > > Laurence
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: Davanum Srinivas [mailto:davanum@gmail.com]
> > > > > > Sent: November 11, 2005 8:18 PM
> > > > > > To: Laurence Brockman
> > > > > > Cc: wss4j-dev@ws.apache.org
> > > > > > Subject: Re: WSS4J and Kerberos signatures
> > > > > >
> > > > > > Laurence,
> > > > > >
> > > > > > > I believe you start with taking a look at the Kerberos Token Profile
> > > > > > > at the OASIS WSS TC web site:
> > > > > > >
> > > > > > > http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss
> > > > > > >
> > > > > > > There's lots of refactoring in the latest SVN, which makes it easy to
> > > > > > > plugin a new token profile. So please get the latest SVN code and
> > > > > > > start asking more questions :)
> > > > > >
> > > > > > thanks,
> > > > > > dims
> > > > > >
> > > > > > > On 11/10/05, Laurence Brockman <laurence.brockman@sjrb.ca> wrote:
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Hello,
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > > Sorry if this is a FAQ but I have been looking for answers to this
> > > > > > > > high and low and have not seen this on the list.
> > > > > > > >
> > > > > > > > We are going to try and use Kerberos to authenticate users on our SOAP
> > > > > > > > server. What we envision is having the client send down the SOAP
> > > > > > > > request with a service ticket from a KDC. The server (Axis using WSS4J
> > > > > > > > on Tomcat) would then authenticate this user against said KDC. After
> > > > > > > > briefly looking at the documentation within the WSS4J code I think
> > > > > > > > what we would want to do is extend the WSDoAllHandler class (From the
> > > > > > > > org.apache.axis.security.handler package). Is this the right
> > > > > > > > direction to be going in? Has anybody looked at this? I'm relatively
> > > > > > > > new to Axis/WSS4J and some guidance would be awesome!
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Thanks,
> > > > > > >
> > > > > > > Laurence
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > > Laurence Brockman
> > > > > > > >  Server Specialist, Shaw Operations Centre  Shaw Communications Inc.
> > > > > > > >  Phone : (403) 303-4805
> > > > > > > >  E-mail : laurence.brockman@sjrb.ca
> > > > > > > >
> > > > > > > > ACCOUNTABLE    BALANCE    CUSTOMER FOCUSED    INTEGRITY    LOYALTY
> > > > > > > > POSITIVE, CAN DO ATTITUDE    TEAM PLAYER
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Davanum Srinivas : http://wso2.com/blogs/
> > > > > >
> > > > > >
> > > >
> > >
> >
> ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> > > > > > For additional commands, e-mail:
> wss4j-dev-help@ws.apache.org
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Davanum Srinivas : http://wso2.com/blogs/
> > > > >
> > > >
> > > >
> > > > --
> > > > Davanum Srinivas : http://wso2.com/blogs/
> > > >
> > >
> > >
> > > --
> > > Davanum Srinivas : http://wso2.com/blogs/
> > >
> > >
> > >
> > >
> >
> >
> >
> >
>
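
Added example, not part of the thread and not WSS4J or Bouncy Castle code: a small diagnostic for the question Hans raises above, whether the provider behaves the same when registered by explicit API call as when installed through java.security. The class name ProviderCheck is hypothetical, the keys are constructed test data, and it assumes a JDK 7 or later with the Bouncy Castle jar optionally on the classpath.

```java
import java.security.*;
import javax.crypto.*;

public class ProviderCheck {  // hypothetical name for this added example
    static final String BC_CLASS = "org.bouncycastle.jce.provider.BouncyCastleProvider";

    public static void main(String[] args) throws Exception {
        // Explicit registration, only when java.security has not installed BC already.
        if (Security.getProvider("BC") != null) {
            System.out.println("BC already installed via java.security");
        } else {
            try {
                Security.addProvider((Provider) Class.forName(BC_CLASS)
                        .getDeclaredConstructor().newInstance());
                System.out.println("BC registered via Security.addProvider()");
            } catch (ClassNotFoundException e) {
                System.out.println("BC jar not on classpath; built-in providers only");
            }
        }
        // Preference order decides which provider serves an unqualified getInstance().
        Provider[] all = Security.getProviders();
        for (Provider p : all) System.out.println(p);
        // Integer.MAX_VALUE here means the unlimited-strength policy is active.
        System.out.println("Max AES key bits: " + Cipher.getMaxAllowedKeyLength("AES"));

        // Constructed test data: a fresh RSA key pair and a 128-bit AES key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair rsa = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey aes = kg.generateKey();

        // RSA 1.5 key transport round trip, once per provider that offers it.
        String alg = "RSA/ECB/PKCS1Padding";
        for (Provider p : all) {
            try {
                Cipher wrap = Cipher.getInstance(alg, p);
                wrap.init(Cipher.WRAP_MODE, rsa.getPublic());
                Cipher unwrap = Cipher.getInstance(alg, p);
                unwrap.init(Cipher.UNWRAP_MODE, rsa.getPrivate());
                Key back = unwrap.unwrap(wrap.wrap(aes), "AES", Cipher.SECRET_KEY);
                boolean ok = MessageDigest.isEqual(aes.getEncoded(), back.getEncoded());
                System.out.println(p.getName() + ": " + (ok ? "round trip ok" : "KEY MISMATCH"));
            } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
                // This provider does not implement the transformation; skip it.
            } catch (Exception e) {
                System.out.println(p.getName() + ": FAILED " + e);
            }
        }
    }
}
```

Running it once with the java.security entry and once without, on each JDK, shows whether the registration method changes the provider order or the round-trip result.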

