
  • Help required - Unable to decrypt incoming messages

    Hi All,

    I am using wsse:UsernameToken to authenticate my incoming requests, but my password is in plain text format, which is obviously not secure. So I thought of encrypting the UsernameToken to make it secure, because I can't use password digest for some reason.

    My user authentication works fine, but when I try to encrypt/decrypt my requests I get the following error. I also tried to use the WSS4J security interceptor but got a similar kind of error. So I am not sure what I am missing here. Earlier I was using SoapUI to test my service, but later on I wrote my own WSS4J and Axis based client to test it, and I am still getting the same error.

    If you guys need further information then please let me know. Please help me, I have been stuck here for the last 2 days.

    Error
    ----------------------
    Code:
    [XwsSecurityInterceptor] Could not validate request: com.sun.xml.wss.impl.WssSoapFaultException: Error while getting SecretKey from EncryptedKey; nested exception is com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.WssSoapFaultException: Error while getting SecretKey from EncryptedKey
    Security Configurations
    ----------------------
    Code:
    <bean id="wsSecurityInterceptor"
    		class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
    		<property name="policyConfiguration" value="/WEB-INF/securityPolicy.xml" />
    		<property name="callbackHandlers">
    			<list>
    				<ref bean="keyStoreHandler" />
    				<ref bean="springSecurityHandler" />
    			</list>
    		</property>
    	</bean>
    	<bean id="keyStoreHandler"
    		class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
    		<property name="keyStore" ref="keyStore" />
    		<property name="trustStore" ref="keyStore"/>
    		<property name="privateKeyPassword" value="changeit" />
    	</bean>
    	<bean id="keyStore"
    		class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
    		<property name="password" value="storepass" />
    		<property name="location" value="/WEB-INF/classes/keystore.jks" />
    	</bean>
    ...
    Security Configurations
    ----------------------
    Code:
    <xwss:SecurityConfiguration dumpMessages="false" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
    	<xwss:RequireEncryption>
    		<xwss:EncryptionTarget value="{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken"></xwss:EncryptionTarget>
    	</xwss:RequireEncryption>
        <xwss:RequireUsernameToken passwordDigestRequired="false" nonceRequired="false"/>
    </xwss:SecurityConfiguration>
    Script Used to Generate Keystore (changed dname and keystore path down there)
    -------------------------------------------------------------------
    Code:
    keytool -genkeypair -alias CGA -keyalg RSA -dname "cn=a, ou=b, o=c, l=d, s=e, c=f" -keypass changeit -storetype jks -keystore .....\resources\keystore.jks -storepass storepass
    Thanks,
    Muein

    P.S. Bear in mind that I am a newbie in this encryption stuff, so I may be missing a very trivial thing.
    Last edited by mmuzamil; May 26th, 2009, 07:28 AM.

  • #2
    Hi All,

    Finally I have solved this issue. I had to do a couple of things to solve it. First I changed the RequireEncryption tag in my securityPolicy.xml like this.


    Code:
     	<xwss:RequireEncryption>
    		<xwss:X509Token keyReferenceType="IssuerSerialNumber"/>
    		<xwss:EncryptionTarget value="{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken"></xwss:EncryptionTarget>
    	</xwss:RequireEncryption>
    It still didn't solve my issue and I was getting the same error. In the end the issue turned out to be a library issue. Earlier I was using "xws-security-2.0-FCS.jar", which came with Spring WS 1.5.6. As soon as I switched to its latest version, i.e. "xws-security-3.0.jar", my code started working fine. I downloaded the jar from the following link: http://download.java.net/maven/1/com.sun.xml.wss/jars/. I am not sure for what reason the Spring team has kept the old version of XWS security in the latest build. I would request the Spring team to look into this issue and update this library in coming releases.

    Regards
    Muein
    Last edited by mmuzamil; May 27th, 2009, 06:33 AM.
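
Added example, not part of the original posts and not Spring-WS or XWSS code: the receiving side can only recover the secret key from an EncryptedKey if its keystore holds a private key that the configured key password unlocks, and an IssuerSerialNumber key reference identifies the certificate by issuer name and serial number. This stand-alone Java check (the class name KeystoreCheck is hypothetical) reports what each keystore entry offers so those values can be compared with the ones in the request.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical diagnostic class; run against a test keystore only, since
// passwords given as arguments are visible in the process list.
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: KeystoreCheck <keystore.jks> <storepass> <keypass>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray()); // IOException if the store password is wrong
        }
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": trusted certificate only, cannot decrypt");
                continue;
            }
            Key key;
            try {
                key = ks.getKey(alias, args[2].toCharArray());
            } catch (UnrecoverableKeyException e) {
                System.out.println(alias + ": key password does not unlock this entry");
                continue;
            }
            Certificate cert = ks.getCertificate(alias);
            if (!(key instanceof PrivateKey) || !(cert instanceof X509Certificate)) {
                System.out.println(alias + ": not a private key with an X.509 certificate");
                continue;
            }
            X509Certificate x509 = (X509Certificate) cert;
            // Issuer and serial are the two values an IssuerSerialNumber reference carries.
            System.out.println(alias + ": " + key.getAlgorithm() + " private key");
            System.out.println("  issuer: " + x509.getIssuerX500Principal().getName());
            System.out.println("  serial: " + x509.getSerialNumber());
            usable++;
        }
        System.exit(usable > 0 ? 0 : 1); // non-zero when no entry can be used for decryption
    }
}
```

With the values from the first post, the arguments would be the path to keystore.jks followed by storepass and changeit.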
