jacinto
Occasional Contributor
12 years ago

x509 Signing and Encryption Security Policy

Hi,

I'm trying to make an x509 authenticated and protected message request, by calling an OSB service, configured in this way:

- X509 protocol with authentication and Encryption
- Self Private Key to Sign
- Destination Public Key to Encrypt
- Recipient Public Key name in the message

This is one of the most likely pieces of information on this I've found:

http://blog.thilinamb.com/2011/02/invok ... -with.html,

and it didn't work. I assume the version is different from mine (4.5.0), and all the other information I've found is old or couldn't meet my security configuration, because every time I try to send a request to the service I get this error, where an element is missing, and I assume it's the Recipient Key Alias:

'WSM-00092 : The <EncryptedKey> element is missing in the request.'

I tried to call the service from a JDev client in Java and it worked. These are the values passed:

- Security Policy: oracle/wss11_x509_token_with_message_protection_client_policy


reqContext.put(ClientConstants.WSSEC_KEYSTORE_TYPE, "JKS");
reqContext.put(ClientConstants.WSSEC_KEYSTORE_LOCATION, "C:/KeystoresWork/ClientStore.jks");

reqContext.put(ClientConstants.WSSEC_ENC_KEY_ALIAS, "serverkey"); // Encryption Key
reqContext.put(ClientConstants.WSSEC_RECIPIENT_KEY_ALIAS, "serverkey"); // Recipient Key
reqContext.put(ClientConstants.WSSEC_SIG_KEY_ALIAS, "clientkey"); // Sign Key


If anyone could give any hint on this I would really appreciate it,

Thanks for all the help
  • nmrao
    Champion Level 3
    The following is mentioned in one of the comments on the URL you pointed to in your post:

    If you guys are using SoapUI 4.X, you have to select a Digest algorithm, leaving it to cases to Message not signed error.
  • jacinto
    Occasional Contributor
    Yes, I've configured it using the digest message, selecting the '...09/xmldsig#sha1' value (and I also tried with all of them and nothing worked)

    And I also tested with an Encryption Entry, and both cases are giving me a Security Authentication Error, that's why I think it's not correctly configured.

    And my service is working in the self-generated client from the OSB Console, and from the JDev client, but in SoapUI it seems more complex

    But thanks for the reply anyway
  • nmrao
    Champion Level 3
    Thanks for trying.

    I actually wanted to point to the test step's property as below, sorry for not being clear earlier.
  • jacinto
    Occasional Contributor
    Thanks again, but I'm still unable to configure it to use x509 protection. Can you send me an example project with the correct configuration so that I can see which fields should be filled?

    My values are:

    Signature Alg: 'SHA1withRSA'
    Key Alg: 'RSA (1.024 bits)'

    And using an encryption and protection policy called: 'oracle/wss11_x509_token_with_message_protection_client_policy'
    The other fields, I don't know how to fill them, and which algorithms are

    Thanks for the help so far
  • nmrao
    Champion Level 3
    I wish I could. Unfortunately, I do not have any samples with me.
  • jacinto
    Occasional Contributor
    Ok, thanks again

    But have you ever configured any soapUI project with this policy? If so, and if you have any little time, I would really appreciate it if you make a simple test and send it to me. If not, thanks anyway for all the help so far
  • jacinto
    Occasional Contributor
    Does anyone know how to configure soapUI with this policy?
    I've been trying but nothing, I really don't have any more possibilities to configure out in soapUI,

    Thanks
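
Added example, not part of the thread and not Oracle or SoapUI code: a small Python check that reports which WS-Security parts a raw SOAP request actually carries, which is what the 'WSM-00092 : The <EncryptedKey> element is missing in the request.' error above is about. It assumes SOAP 1.1 and the standard WS-Security, XML Signature and XML Encryption namespaces; the function names and the sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "s": "http://schemas.xmlsoap.org/soap/envelope/",  # SOAP 1.1 assumed
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

def inspect_request(xml_text):
    """Report which WS-Security parts a raw SOAP request actually carries."""
    root = ET.fromstring(xml_text)
    sec = root.find("s:Header/wsse:Security", NS)
    body = root.find("s:Body", NS)
    sig = sec.find("ds:Signature", NS) if sec is not None else None
    key = sec.find("xenc:EncryptedKey", NS) if sec is not None else None
    digests = sig.iterfind(".//ds:DigestMethod", NS) if sig is not None else []
    return {
        "security_header": sec is not None,
        "signature": sig is not None,
        "digest_algorithms": sorted({d.get("Algorithm", "") for d in digests}),
        "encrypted_key": key is not None,
        "body_encrypted": body is not None
                          and body.find(".//xenc:EncryptedData", NS) is not None,
    }

def missing_parts(report):
    """Names of the parts a signed-and-encrypted request needs but lacks."""
    needed = ("security_header", "signature", "encrypted_key", "body_encrypted")
    return [name for name in needed if not report[name]]

# Constructed sample envelopes: element content is elided, only structure matters.
_TEMPLATE = """<s:Envelope xmlns:s="{s}" xmlns:wsse="{wsse}"
    xmlns:ds="{ds}" xmlns:xenc="{xenc}">
  <s:Header><wsse:Security>
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#body">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    </ds:Reference></ds:SignedInfo></ds:Signature>
    {key}</wsse:Security></s:Header>
  <s:Body>{body}</s:Body>
</s:Envelope>"""
SIGNED_ONLY = _TEMPLATE.format(key="", body="<ping/>", **NS)
SIGNED_AND_ENCRYPTED = _TEMPLATE.format(
    key="<xenc:EncryptedKey/>", body="<xenc:EncryptedData/>", **NS)

if __name__ == "__main__":
    for xml in (SIGNED_ONLY, SIGNED_AND_ENCRYPTED):
        print("missing:", missing_parts(inspect_request(xml)))
```

Running it on the request text the client really sent shows whether the signing entry was applied without the encryption entry, before looking at key aliases.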