From: "Dittmann, Werner"
To: "Granqvist, Hans", "Laurence Brockman"
Subject: AW: WSS4J and Kerberos signatures
Date: Thu, 17 Nov 2005 12:49:59 +0100
Delivered-To: mailing list wss4j-dev@ws.apache.org

Hans,

haven't checked this. Do you think this makes a difference? The BC jar
is a signed jar, and we never had problems using it via CLASSPATH ...

Regards,
Werner

> -----Original Message-----
> From: Granqvist, Hans [mailto:hgranqvist@verisign.com]
> Sent: Wednesday, 16 November 2005 18:08
> To: Dittmann, Werner; Laurence Brockman; dims@apache.org; wss4j-dev@ws.apache.org
> Subject: RE: WSS4J and Kerberos signatures
>
> Do you get the same errors if the jar is in lib/ext as if
> it is on the classpath?
>
> -Hans
>
> > -----Original Message-----
> > From: Dittmann, Werner [mailto:werner.dittmann@siemens.com]
> > Sent: Tuesday, November 15, 2005 11:02 PM
> > To: Laurence Brockman; dims@apache.org; wss4j-dev@ws.apache.org
> > Subject: AW: WSS4J and Kerberos signatures
> >
> > Laurence,
> >
> > I've the same problem here with jdk1.5, running on an XP box,
> > no problems with jdk1.4. I'm starting to investigate the
> > problem, but it seems to be buried somewhere in the crypto
> > code ... I'm not really sure what is wrong.
> >
> > Regards,
> > Werner
> >
> > > -----Original Message-----
> > > From: Laurence Brockman [mailto:laurence.brockman@sjrb.ca]
> > > Sent: Tuesday, 15 November 2005 22:18
> > > To: dims@apache.org; wss4j-dev@ws.apache.org
> > > Subject: RE: WSS4J and Kerberos signatures
> > >
> > > Ok, I've done all that and it is processing more tests than before,
> > > however, it is still failing with the following (Again, I am using
> > > jdk1.5 and have added the provider to java.security as well as
> > > downloading the unlimited strength crypto stuff from sun).
> > >
> > > Any ideas would be awesome!
> > >
> > > org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data; nested exception is:
> > >     org.apache.xml.security.encryption.XMLEncryptionException: pad block corrupted
> > > Original Exception was javax.crypto.BadPaddingException: pad block corrupted
> > >     at org.apache.ws.security.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:388)
> > >     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:313)
> > >     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:81)
> > >     at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:75)
> > >     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:252)
> > >     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:179)
> > >     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:132)
> > >     at wssec.TestWSSecurity2.verify(TestWSSecurity2.java:234)
> > >     at wssec.TestWSSecurity2.testEncryptionDecryptionRSA15(TestWSSecurity2.java:162)
> > >     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > >     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> > >     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> > >     at java.lang.reflect.Method.invoke(Method.java:585)
> > >     at junit.framework.TestCase.runTest(TestCase.java:154)
> > >     at junit.framework.TestCase.runBare(TestCase.java:127)
> > >     at junit.framework.TestResult$1.protect(TestResult.java:106)
> > >     at junit.framework.TestResult.runProtected(TestResult.java:124)
> > >     at junit.framework.TestResult.run(TestResult.java:109)
> > >     at junit.framework.TestCase.run(TestCase.java:118)
> > >     at junit.framework.TestSuite.runTest(TestSuite.java:208)
> > >     at junit.framework.TestSuite.run(TestSuite.java:203)
> > >     at junit.framework.TestSuite.runTest(TestSuite.java:208)
> > >     at junit.framework.TestSuite.run(TestSuite.java:203)
> > >     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:478)
> > >     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:344)
> > >     at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:196)
> > > Caused by: org.apache.xml.security.encryption.XMLEncryptionException: pad block corrupted
> > > Original Exception was javax.crypto.BadPaddingException: pad block corrupted
> > >     at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(Unknown Source)
> > >     at org.apache.xml.security.encryption.XMLCipher.decryptElement(Unknown Source)
> > >     at org.apache.xml.security.encryption.XMLCipher.decryptElementContent(Unknown Source)
> > >     at org.apache.xml.security.encryption.XMLCipher.doFinal(Unknown Source)
> > >     at org.apache.ws.security.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:386)
> > >     ... 25 more
> > >
> > > -----Original Message-----
> > > From: Davanum Srinivas [mailto:davanum@gmail.com]
> > > Sent: November 15, 2005 1:47 PM
> > > To: Laurence Brockman; wss4j-dev@ws.apache.org
> > > Subject: Re: WSS4J and Kerberos signatures
> > >
> > > http://www.bouncycastle.org/documentation.html
> > > http://www.bouncycastle.org/specifications.html#install
> > >
> > > scroll down a bit on the second link and look for java.security
> > >
> > > -- dims
> > >
> > > PS: Please post directly to the list. So that others may answer as
> > > well :)
> > >
> > > On 11/15/05, Laurence Brockman wrote:
> > > > Thanks for such a quick reply! I think the problem is that I am
> > > > using jdk1.5... Does the bouncycastle.org site have information
> > > > about installing the bouncycastle provider or are there any other
> > > > sites I can get documentation about this?
> > > >
> > > > Thanks again!
> > > > Laurence
> > > >
> > > > -----Original Message-----
> > > > From: Davanum Srinivas [mailto:davanum@gmail.com]
> > > > Sent: November 15, 2005 1:40 PM
> > > > To: Laurence Brockman; wss4j-dev@ws.apache.org
> > > > Subject: Re: WSS4J and Kerberos signatures
> > > >
> > > > All the code needed is in the svn itself. you should not need any
> > > > additional jars. just get the stuff from SVN. make sure you have
> > > > the strong crypto stuff installed in your JDK (check the download
> > > > site for the jdk and it is available as a separate download) and
> > > > then run "ant test". Are u using JDK1.4? (better to use that
> > > > version, there are additional steps for jdk1.5 - namely installing
> > > > the bouncycastle provider)
> > > >
> > > > NOTE: don't use the maven build :)
> > > >
> > > > thanks,
> > > > dims
> > > >
> > > > On 11/15/05, Laurence Brockman wrote:
> > > > > Sounds good.
> > > > >
> > > > > Quick question... I've checked out the latest source from SVN
> > > > > and I'm trying to run the Ant JUnit tests and they keep failing.
> > > > > When I run the JUnit tests through eclipse directly they are
> > > > > throwing a connection denied exception. I have installed Axis
> > > > > 1.2.1 here but I have not deployed any test web services so even
> > > > > if I start that up they still fail with service not found
> > > > > exceptions. Is there a way to easily either test this stuff
> > > > > without deploying the test web services or to bypass these
> > > > > tests? I've also installed maven and tried to compile that way,
> > > > > but it is failing as well.
> > > > >
> > > > > I also noticed in the project.xml file that you have excluded
> > > > > the wssec/PackageTests.java and the interop/PackageTests.java.
> > > > > Is that because of the above mentioned errors?
> > > > >
> > > > > After looking through the source code, I believe what I would
> > > > > want to do would be to create Kerberos token processor and
> > > > > action classes and add a case into both getAction and
> > > > > getProcessor to point to these new classes.
> > > > >
> > > > > Sorry for the barrage of questions.
> > > > >
> > > > > Thanks,
> > > > > Laurence
> > > > >
> > > > > -----Original Message-----
> > > > > From: Davanum Srinivas [mailto:davanum@gmail.com]
> > > > > Sent: November 14, 2005 3:02 PM
> > > > > To: Laurence Brockman
> > > > > Cc: wss4j-dev@ws.apache.org
> > > > > Subject: Re: WSS4J and Kerberos signatures
> > > > >
> > > > > Please see what is being done for SAML and use that as a
> > > > > template for Kerberos.
> > > > >
> > > > > thanks,
> > > > > dims
> > > > >
> > > > > On 11/14/05, Laurence Brockman wrote:
> > > > > > Correct me if I'm wrong here, but this is what I'm thinking:
> > > > > >
> > > > > > After grabbing the source from SVN and looking at the
> > > > > > documentation, I believe the right place for me to start would
> > > > > > be to extend the org.apache.ws.axis.security class to handle
> > > > > > the Kerberos requirements specified in the OASIS document.
> > > > > >
> > > > > > Forgive me for so many questions, but I'm new to Axis/WSS4J
> > > > > > and I want to make sure that I'm heading down the right path.
> > > > > >
> > > > > > Specifically, what we are looking to implement is just the
> > > > > > authentication portion of Kerberos and not the encryption
> > > > > > portion (We want to authenticate incoming SOAP requests
> > > > > > against a KDC). Down the road we will likely look at the
> > > > > > encryption portion, but that won't likely be for a few months
> > > > > > at least.
> > > > > >
> > > > > > Thanks again!!
> > > > > > Laurence
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: Davanum Srinivas [mailto:davanum@gmail.com]
> > > > > > Sent: November 11, 2005 8:18 PM
> > > > > > To: Laurence Brockman
> > > > > > Cc: wss4j-dev@ws.apache.org
> > > > > > Subject: Re: WSS4J and Kerberos signatures
> > > > > >
> > > > > > Laurence,
> > > > > >
> > > > > > I believe you start with taking a look at the Kerberos Token
> > > > > > Profile at the OASIS WSS TC web site:
> > > > > >
> > > > > > http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss
> > > > > >
> > > > > > There's lots of refactoring in the latest SVN, which makes it
> > > > > > easy to plug in a new token profile. So please get the latest
> > > > > > SVN code and start asking more questions :)
> > > > > >
> > > > > > thanks,
> > > > > > dims
> > > > > >
> > > > > > On 11/10/05, Laurence Brockman wrote:
> > > > > > > Hello,
> > > > > > >
> > > > > > > Sorry if this is a FAQ but I have been looking for answers
> > > > > > > to this high and low and have not seen this on the list.
> > > > > > >
> > > > > > > We are going to try and use Kerberos to authenticate users
> > > > > > > on our SOAP server. What we envision is having the client
> > > > > > > send down the SOAP request with a service ticket from a KDC.
> > > > > > > The server (Axis using WSS4J on Tomcat) would then
> > > > > > > authenticate this user against said KDC. After briefly
> > > > > > > looking at the documentation within the WSS4J code I think
> > > > > > > what we would want to do is extend the WSDoAllHandler class
> > > > > > > (From the org.apache.axis.security.handler package). Is this
> > > > > > > the right direction to be going in? Has anybody looked at
> > > > > > > this? I'm relatively new to Axis/WSS4J and some guidance
> > > > > > > would be awesome!
> > > > > > >
> > > > > > > Thanks,
> > > > > > >
> > > > > > > Laurence
> > > > > > >
> > > > > > > Laurence Brockman
> > > > > > > Server Specialist, Shaw Operations Centre
> > > > > > > Shaw Communications Inc.
> > > > > > > Phone : (403) 303-4805
> > > > > > > E-mail : laurence.brockman@sjrb.ca
> > > > > > >
> > > > > > > ACCOUNTABLE BALANCE CUSTOMER FOCUSED INTEGRITY LOYALTY
> > > > > > > POSITIVE, CAN DO ATTITUDE TEAM PLAYER
> > > > > >
> > > > > > --
> > > > > > Davanum Srinivas : http://wso2.com/blogs/
> > > > > >
> > > > > > ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> > > > > > For additional commands, e-mail: wss4j-dev-help@ws.apache.org
> > > > >
> > > > > --
> > > > > Davanum Srinivas : http://wso2.com/blogs/
> > > >
> > > > --
> > > > Davanum Srinivas : http://wso2.com/blogs/
> > >
> > > --
> > > Davanum Srinivas : http://wso2.com/blogs/