[jbossws-issues] [JBoss JIRA] (JBWS-1814) Dynamic Encryption based on clients input

Pratik Pai (JIRA) jira-events at lists.jboss.org
Tue Jul 24 01:10:07 EDT 2012


    [ https://issues.jboss.org/browse/JBWS-1814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12707454#comment-12707454 ] 

Pratik Pai commented on JBWS-1814:
----------------------------------

Hi Alessio,
This still has a bug wherein sometimes it throws an error saying:
Cannot get the certificate for message encryption! Verify the keystore contents, considering the certificate is obtained through the alias specified in the encrypt configuration element or (server side only) through a single key used to sign the incoming

This error is generated randomly, i.e. sometimes it works but sometimes it doesn't.

Any help with this would be highly appreciated!

Thanks in advance!

Regards,
Pratik Pai
                
> Dynamic Encryption based on clients input
> -----------------------------------------
>
>                 Key: JBWS-1814
>                 URL: https://issues.jboss.org/browse/JBWS-1814
>             Project: JBoss Web Services
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: ws-security
>    Affects Versions: jbossws-1.2.1, jbossws-2.0.1
>            Reporter: Magesh Bojan
>            Assignee: Alessio Soldano
>             Fix For: jbossws-native-3.0.1
>
>
> Let's say that Bob runs the web service and Alice has a client that uses the web service. Now John would also like to use the web service. John would create: 
> johns.keystore 
> ---------------- 
> john - keyPair (pub+priv) 
> bob - trustedCertEntry (pub) 
> johns.truststore 
> ---------------- 
> john - trustedCertEntry (just john's public key) 
> In addition, Bob's keystore would be updated to: 
> bobs.keystore 
> ---------------- 
> bob - keyPair (public + private key) 
> alice - trustedCertEntry (just alice's public key) 
> john - trustedCertEntry (just john's public key) 
> This does not pose a problem for encrypting the request from the client side since both Alice and John use Bob's public key to encrypt the message, and Bob of course uses his private key to decrypt the message. But how is the response message encrypted?
> JBossWS apparently does not support multiple clients because the certificate used by the server to encrypt the response is specified statically in jboss-wsse-server.xml.

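The keystore layout from the quoted issue description, built with `keytool`, together with the lookup a server needs in order to choose the response-encryption certificate from the sender's certificate rather than from a static alias. This is an added example, not part of the original message and not JBossWS code; the password, file locations, function names and the extra `alices.keystore` are constructed for a throwaway lab.

```shell
#!/bin/sh
# Constructed lab values: throwaway password, self-signed certs, caller-chosen directory.
PASS=changeit

new_keypair() {   # new_keypair <alias> <keystore>: self-signed RSA key pair
  keytool -genkeypair -alias "$1" -keyalg RSA -keysize 2048 -validity 30 \
    -dname "CN=$1" -keystore "$2" -storepass "$PASS" -keypass "$PASS" 2>/dev/null
}
export_cert() {   # export_cert <alias> <keystore>: public certificate as PEM on stdout
  keytool -exportcert -rfc -alias "$1" -keystore "$2" -storepass "$PASS" 2>/dev/null
}
trust_cert() {    # trust_cert <alias> <pem-file> <keystore>: add a trustedCertEntry
  keytool -importcert -noprompt -alias "$1" -file "$2" -keystore "$3" \
    -storepass "$PASS" 2>/dev/null
}

build_stores() {  # build_stores <dir>: the layout from the issue description
  d=$1
  new_keypair bob "$d/bobs.keystore" && new_keypair alice "$d/alices.keystore" &&
  new_keypair john "$d/johns.keystore" || return 1
  for who in bob alice john; do
    export_cert "$who" "$d/${who}s.keystore" > "$d/$who.crt" || return 1
  done
  trust_cert bob "$d/bob.crt" "$d/johns.keystore" &&
  trust_cert john "$d/john.crt" "$d/johns.truststore" &&
  trust_cert alice "$d/alice.crt" "$d/bobs.keystore" &&
  trust_cert john "$d/john.crt" "$d/bobs.keystore"
}

# alias_for_cert <keystore> <pem-file>: print the trusted alias whose certificate
# equals the given one; return 1 if the sender is unknown (no fallback alias).
alias_for_cert() {
  for a in $(keytool -list -keystore "$1" -storepass "$PASS" 2>/dev/null |
             awk -F, '/trustedCertEntry/ {print $1}'); do
    if export_cert "$a" "$1" | cmp -s - "$2"; then echo "$a"; return 0; fi
  done
  return 1
}
```

Running `build_stores` on an empty directory and then `alias_for_cert bobs.keystore john.crt` prints `john`; a certificate that is not in Bob's keystore yields a non-zero exit instead of a default alias, so a response is never encrypted to the wrong recipient.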