Hi Marcus;
The 'subject' of the mail doesn't seem to reflect the same in the
'description' of the mail - if I understood correctly...
If you want the client to sign the message with one certificate and the
service to sign with another certificate - then it is already supported
under AsymmetricBinding.
Or - do you want either the client or the service to sign the message
with two different certificates?
Thanks & regards.
-Prabath
m4rkuz wrote:
___________________________
Marcus Sánchez Díaz.
Enterprise Developer.
SCJP - SCWCD.
---------- Forwarded message ----------
From: m4rkuz <m4r...@gmail.com>
Date: Wed, Oct 14, 2009 at 10:50 AM
Subject: +Rampart Sign with two Certificates
To: axis-user@ws.apache.org
Hello Everyone,
I've been using axis2+rampart for a while now. I have an application
that uses Axis2+Rampart for signing and validating the messages; it does
this using only one .JKS with a key, the same .JKS. But now I have been
requested to change this behavior and make the app sign the messages
with one certificate and then validate the response with another
certificate...
How can I accomplish this?
This is my current policy.xml :
<?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy wsu:Id="Sign"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
            </wsp:Policy>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:WssX509V3Token10 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:WssX509V3Token10 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:TripleDesRsa15 />
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict />
            </wsp:Policy>
          </sp:Layout>
          <sp:OnlySignEntireHeadersAndBody />
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body />
      </sp:SignedParts>
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>sam</ramp:user>
        <ramp:encryptionUser>dave</ramp:encryptionUser>
        <ramp:passwordCallbackClass>co.como.security.axis2.PWCBHandler</ramp:passwordCallbackClass>
        <ramp:signatureCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">tomcatdir/webapps/qxIntegradorRunt/WebContent/keystore/keystore.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">mytestkeystore</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
Any input will be appreciated.
Thanks
___________________________
Marcus Sánchez Díaz.
Enterprise Developer.
SCJP - SCWCD.
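
Added example, not part of the original thread and not Rampart's own code: a short Python script that reads a policy like the one quoted above and lists which token assertions sit under InitiatorToken and RecipientToken (the two separate roles an AsymmetricBinding carries), plus the signing alias and keystore named in RampartConfig. The sample is a constructed, trimmed copy of the posted policy; the function names, the shortened keystore path and the placeholder password are assumptions of this example.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
NS = {"sp": SP, "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
      "ramp": "http://ws.apache.org/rampart/policy"}
MERLIN = "org.apache.ws.security.crypto.merlin."

# Constructed sample: a trimmed copy of the policy posted in the thread
# (keystore path shortened, password replaced with a placeholder).
SAMPLE = f"""<wsp:Policy xmlns:wsp="{NS['wsp']}" xmlns:sp="{SP}" xmlns:ramp="{NS['ramp']}">
 <sp:AsymmetricBinding><wsp:Policy>
  <sp:InitiatorToken>
   <wsp:Policy><sp:UsernameToken sp:IncludeToken="{SP}/IncludeToken/AlwaysToRecipient"/></wsp:Policy>
   <wsp:Policy><sp:X509Token sp:IncludeToken="{SP}/IncludeToken/AlwaysToRecipient"/></wsp:Policy>
  </sp:InitiatorToken>
  <sp:RecipientToken>
   <wsp:Policy><sp:X509Token sp:IncludeToken="{SP}/IncludeToken/AlwaysToRecipient"/></wsp:Policy>
  </sp:RecipientToken>
 </wsp:Policy></sp:AsymmetricBinding>
 <ramp:RampartConfig>
  <ramp:user>sam</ramp:user>
  <ramp:signatureCrypto><ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
   <ramp:property name="{MERLIN}file">keystore.jks</ramp:property>
   <ramp:property name="{MERLIN}keystore.password">PLACEHOLDER</ramp:property>
  </ramp:crypto></ramp:signatureCrypto>
 </ramp:RampartConfig>
</wsp:Policy>"""

def token_roles(policy_xml):
    """Return {role: [(token assertion, IncludeToken mode), ...]} for the binding."""
    root = ET.fromstring(policy_xml)
    roles = {}
    for role in ("InitiatorToken", "RecipientToken"):
        roles[role] = [
            (tok.tag.split("}")[1], tok.get(f"{{{SP}}}IncludeToken", "").rsplit("/", 1)[-1])
            for holder in root.iterfind(f".//sp:{role}", NS)
            for alt in holder.findall("wsp:Policy", NS)   # each nested policy block
            for tok in alt                                # each token assertion in it
        ]
    return roles

def rampart_settings(policy_xml):
    """Return signing alias and keystore file; report the password only as a flag."""
    cfg = ET.fromstring(policy_xml).find(".//ramp:RampartConfig", NS)
    props = {p.get("name", "").replace(MERLIN, ""): (p.text or "").strip()
             for p in cfg.iterfind("ramp:signatureCrypto/ramp:crypto/ramp:property", NS)}
    return {"signing_alias": cfg.findtext("ramp:user", "", NS).strip(),
            "keystore": props.get("file", ""),
            "password_in_policy": bool(props.get("keystore.password"))}
```

Calling token_roles(SAMPLE) and rampart_settings(SAMPLE) returns plain dictionaries, and values wrapped across lines (as the keystore path is in the posted policy) are stripped of surrounding whitespace before being reported.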