raymond.mh.ng
Recently I found a problem when using WSS4J to receive a response back
from the BEA WLI server.
The EncryptedKey tag of the response message from the WLI server looks like
the following ...
==================================================================
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:KeyName>CN=nowclient, OU=pccw, O=pccw, L=hk, ST=hk, C=hk</dsig:KeyName>
</dsig:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>n+SWt/StoosaSP/WkOhKaYri7aMRxncarq0gdfgU0UZ5G5pgAMHSX0JdYxR5mxAAXABzkg5BBmBDasg3G0uE++zBEhcrtCAdH3Uk8UD0w8u5r/jaIGDkzkoF3D5s1H+xT/T3zEdNss/CNBk0VnQI9sWmGGgwxr/6Q4zrn/w3w/8=
</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#Id-Vf8rsB9mBndXWXqgzHvrPP8C"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
==================================================================
However, WSS4J (wsdl4j-1.5.1.jar) returns the following error message:
==================================================================
org.apache.ws.security.WSSecurityException: An error was discovered
processing the <wsse:Security> header. (WSSecurityEngine: EncryptedKey
does not contain ds:KeyInfo/wsse:SecurityTokenReference)
==================================================================
After investigating the source code of WSS4J, I found that the following has
been commented out at line 145 of EncryptedKeyProcessor.java:
==================================================================
/*
 * EncryptedKey must a a STR as child of KeyInfo, KeyName
 * valid only for EncryptedData
 */
// if (secRefToken == null) {
//     secRefToken = (Element) WSSecurityUtil.getDirectChild(keyInfo,
//             "KeyName", WSConstants.SIG_NS);
// }
==================================================================
Which implies that only X509KeyIdentifier is supported for the response
message (not the IssuerSerial). However, BEA only supports IssuerSerial.
Is there any way I can configure WSS4J (e.g. through the .wsdd file) to support
BEA's reply message?
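
Added example, not part of the original post and not WSS4J code: a stand-alone Java check, using only the JDK's DOM API, that reports how each xenc:EncryptedKey in a message identifies the recipient key, so a KeyName placed directly under ds:KeyInfo can be told apart from the ds:KeyInfo/wsse:SecurityTokenReference form named in the error message. The class name, helper names and the sample message are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class EncryptedKeyInfoCheck {
    static final String XENC = "http://www.w3.org/2001/04/xmlenc#";
    static final String DSIG = "http://www.w3.org/2000/09/xmldsig#";
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/"
            + "oasis-200401-wss-wssecurity-secext-1.0.xsd";
    // Constructed sample: key A mirrors the KeyName form in the post, key B uses an
    // STR with X509IssuerSerial. Names and serial are made up; CipherData is omitted.
    static final String SAMPLE =
        "<r xmlns:xenc='" + XENC + "' xmlns:dsig='" + DSIG + "' xmlns:wsse='" + WSSE + "'>"
      + "<xenc:EncryptedKey Id='A'><dsig:KeyInfo>"
      + "<dsig:KeyName>CN=example-client</dsig:KeyName></dsig:KeyInfo></xenc:EncryptedKey>"
      + "<xenc:EncryptedKey Id='B'><dsig:KeyInfo><wsse:SecurityTokenReference><dsig:X509Data>"
      + "<dsig:X509IssuerSerial><dsig:X509IssuerName>CN=example-ca</dsig:X509IssuerName>"
      + "<dsig:X509SerialNumber>1</dsig:X509SerialNumber></dsig:X509IssuerSerial>"
      + "</dsig:X509Data></wsse:SecurityTokenReference></dsig:KeyInfo></xenc:EncryptedKey></r>";

    // First element child of a node, or null if it has none.
    static Element firstChildElement(Node parent) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling())
            if (n instanceof Element) return (Element) n;
        return null;
    }
    // Describes how one EncryptedKey names the recipient key.
    static String classify(Element encryptedKey) {
        NodeList infos = encryptedKey.getElementsByTagNameNS(DSIG, "KeyInfo");
        if (infos.getLength() == 0) return "no ds:KeyInfo";
        Element ref = firstChildElement(infos.item(0));
        if (ref == null) return "empty ds:KeyInfo";
        boolean isStr = WSSE.equals(ref.getNamespaceURI())
                && "SecurityTokenReference".equals(ref.getLocalName());
        if (!isStr) return ref.getLocalName() + " directly under KeyInfo (no STR)";
        Element form = firstChildElement(ref);
        return "STR containing " + (form == null ? "nothing" : form.getLocalName());
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for the namespace-based lookups above
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // reject DTDs
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)));
        NodeList keys = doc.getElementsByTagNameNS(XENC, "EncryptedKey");
        for (int i = 0; i < keys.getLength(); i++)
            System.out.println(((Element) keys.item(i)).getAttribute("Id") + ": " + classify((Element) keys.item(i)));
    }
}
```

Running the same classification over a captured response from each peer shows which reference form that peer emits before any receiver configuration is changed.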