Help required - Unable to decrypt incoming messages
Hi All,
I am using wsse:UsernameToken to authenticate my incoming requests, but my password is in plain text format, which is obviously not secure. So I thought of encrypting the UsernameToken to make it secure, because I can't use password digest for some reason.
My user authentication works fine, but when I try to encrypt/decrypt my requests I get the following error. I also tried to use the WSS4J security interceptor but got a similar kind of error. So I am not sure what I am missing here. Earlier I was using SoapUI to test my service, but later on I wrote my own WSS4J and Axis based client to test it, and I am still getting the same error.
If you guys need further information then please let me know. Please help me, I have been stuck here for the last 2 days.
Error
----------------------
Code:
[XwsSecurityInterceptor] Could not validate request: com.sun.xml.wss.impl.WssSoapFaultException: Error while getting SecretKey from EncryptedKey; nested exception is com.sun.xml.wss.XWSSecurityException: com.sun.xml.wss.impl.WssSoapFaultException: Error while getting SecretKey from EncryptedKey
Security Configurations
----------------------
Code:
<bean id="wsSecurityInterceptor"
      class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
    <property name="policyConfiguration" value="/WEB-INF/securityPolicy.xml" />
    <property name="callbackHandlers">
        <list>
            <ref bean="keyStoreHandler" />
            <ref bean="springSecurityHandler" />
        </list>
    </property>
</bean>

<bean id="keyStoreHandler"
      class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
    <property name="keyStore" ref="keyStore" />
    <property name="trustStore" ref="keyStore" />
    <property name="privateKeyPassword" value="changeit" />
</bean>

<bean id="keyStore"
      class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
    <property name="password" value="storepass" />
    <property name="location" value="/WEB-INF/classes/keystore.jks" />
</bean>
...
Security Configurations
----------------------
Code:
<xwss:SecurityConfiguration dumpMessages="false" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
    <xwss:RequireEncryption>
        <xwss:EncryptionTarget value="{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken"></xwss:EncryptionTarget>
    </xwss:RequireEncryption>
    <xwss:RequireUsernameToken passwordDigestRequired="false" nonceRequired="false"/>
</xwss:SecurityConfiguration>
Script Used to Generate Keystore (changed dname and keystore path down there)
-------------------------------------------------------------------
Code:
keytool -genkeypair -alias CGA -keyalg RSA -dname "cn=a, ou=b, o=c, l=d, s=e, c=f" -keypass changeit -storetype jks -keystore .....\resources\keystore.jks -storepass storepass
Thanks,
Muein
P.S. Bear in mind that I am a newbie in this encryption stuff, so I may be missing a very trivial thing.