___________________________ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD.
---------- Forwarded message ----------
From: m4rkuz <m4r...@gmail.com>
Date: Wed, Oct 14, 2009 at 10:50 AM
Subject: +Rampart Sign with two Certificates
To: axis-user@ws.apache.org

Hello Everyone,

I've been using axis2+rampart for a while now. I have an application that uses Axis2+Rampart for signing and validating the messages; it does this using only one .JKS with a key, the same .JKS, but now I have been requested to change this behavior and make the app sign the messages with one certificate and then validate the response with another certificate...

How can I accomplish this?

This is my current policy.xml:

<?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy wsu:Id="Sign"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
            </wsp:Policy>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:WssX509V3Token10 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:WssX509V3Token10 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:TripleDesRsa15 />
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict />
            </wsp:Policy>
          </sp:Layout>
          <sp:OnlySignEntireHeadersAndBody />
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body />
      </sp:SignedParts>
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>sam</ramp:user>
        <ramp:encryptionUser>dave</ramp:encryptionUser>
        <ramp:passwordCallbackClass>co.como.security.axis2.PWCBHandler</ramp:passwordCallbackClass>
        <ramp:signatureCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">tomcatdir/webapps/qxIntegradorRunt/WebContent/keystore/keystore.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">mytestkeystore</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

Any input will be appreciated.

Thanks

___________________________ Marcus Sánchez Díaz. Enterprise Developer. SCJP - SCWCD.