IanWatson92
12 years agoOccasional Contributor
SecretKey not supported due to JCEKS keystores not supported
Hello,
I am trying to implement Outoing WS-Security to comply with the OWSM "oracle/wss11_username_token_with_message_protection_service_policy" which requires the Signature algorithm of "http://www.w3.org/2000/09/xmldsig#hmac-sha1"
The algorithm requires a SecretKey.
However it appears that the free version does not support a JCEKS keystore type and only supports a JKS keystore.
A JKS keystore doesn't support SecretKeys.
SOAPUI does however offer the option to use the signature algorithm.
To summarise:
JKS does not support SecretKeys
HMAC-SHA1 needs a SecretKey
SOAPUI supports HMAC-SHA1 but does not support a JCEKS keystore, so there is no way to get a secret key, hence will fail.
If you try and import a JCEKS keystore you will not be able to access the store due to SOAPUI thinking its a JKS keystore not a JCEKS.
I am trying to implement Outoing WS-Security to comply with the OWSM "oracle/wss11_username_token_with_message_protection_service_policy" which requires the Signature algorithm of "http://www.w3.org/2000/09/xmldsig#hmac-sha1"
The algorithm requires a SecretKey.
However it appears that the free version does not support a JCEKS keystore type and only supports a JKS keystore.
A JKS keystore doesn't support SecretKeys.
SOAPUI does however offer the option to use the signature algorithm.
To summarise:
JKS does not support SecretKeys
HMAC-SHA1 needs a SecretKey
SOAPUI supports HMAC-SHA1 but does not support a JCEKS keystore, so there is no way to get a secret key, hence will fail.
If you try and import a JCEKS keystore you will not be able to access the store due to SOAPUI thinking its a JKS keystore not a JCEKS.