Werner,
Here we go:
private void setOptions() throws ConfigurationException {
    this.setOption(WSHandlerConstants.MUST_UNDERSTAND,
        ApplicationProperties.instance().getProperty("security.piv.receiver.securityhandler.mustunderstand"));
    // Use AES-256
    this.setOption(WSHandlerConstants.ENC_SYM_ALGO,
        WSConstants.AES_256);
    // Keystore
    this.setOption(WSHandlerConstants.ENCRYPTION_USER,
        ApplicationProperties.instance().getProperty("security.piv.receiver.encryptionhandler.alias"));
    this.setOption(WSHandlerConstants.USER,
        ApplicationProperties.instance().getProperty("security.piv.receiver.securityhandler.alias"));
    this.setOption(WSHandlerConstants.ENC_KEY_ID,
        ApplicationProperties.instance().getProperty("security.piv.receiver.encryptionhandler.key.id"));
    this.setOption(WSHandlerConstants.SIG_KEY_ID,
        ApplicationProperties.instance().getProperty("security.piv.receiver.securityhandler.key.id"));
    this.setOption(WSHandlerConstants.SIGNATURE_PARTS,
        ApplicationProperties.instance().getProperty("security.piv.receiver.securityhandler.parts"));
    this.setOption(WSHandlerConstants.ENCRYPTION_PARTS,
        ApplicationProperties.instance().getProperty("security.piv.receiver.encryptionhandler.parts"));
    this.setOption(WSHandlerConstants.ENC_PROP_FILE,
        ApplicationProperties.instance().getProperty("security.piv.receiver.propfile"));
    this.setOption(WSHandlerConstants.DEC_PROP_FILE,
        ApplicationProperties.instance().getProperty("security.piv.receiver.propfile"));
    this.setOption(WSHandlerConstants.SIG_PROP_FILE,
        ApplicationProperties.instance().getProperty("security.piv.receiver.propfile"));
    this.setOption(WSHandlerConstants.PW_CALLBACK_CLASS,
        ApplicationProperties.instance().getProperty("security.piv.receiver.password.callback.class"));
}
The properties above are set as follows:
security.piv.receiver.propfile=receiver.secproperties
security.piv.receiver.password.callback.class=x.y.z.PWCallback
security.piv.receiver.securityhandler.ttl=300
security.piv.receiver.securityhandler.parts={}{http://schemas.xmlsoap.org/soap/envelope/}Body;{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp
security.piv.receiver.securityhandler.mustunderstand=false
security.piv.receiver.securityhandler.alias=refapp piv receiver
security.piv.receiver.securityhandler.key.id=DirectReference
security.piv.receiver.encryptionhandler.parts={}{http://schemas.xmlsoap.org/soap/envelope/}Body
security.piv.receiver.encryptionhandler.alias=refapp piv transmitter
security.piv.receiver.encryptionhandler.key.id=X509KeyIdentifier
Regards,
Yves
On Mon, 2005-03-21 at 07:41 +0100, Dittmann Werner wrote:
> Yves,
>
> can you send the deployment params you use? Did
> it work before, or did you modify some parts,
> e.g. downloading a new version of WSS4J?
>
> Thanks,
> Werner
>
> > -----Original Message-----
> > From: Yves Langisch [mailto:[EMAIL PROTECTED]
> > Sent: Friday, 18 March 2005 16:34
> > To: fx-dev
> > Subject: SecurityTokenReference issue?
> >
> >
> > All,
> >
> > If I use a reference to a subject key identifier I got the following on
> > the wire:
> >
> > ...
> > <wsse:SecurityTokenReference><wsse:KeyIdentifier
> > EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIID6TCCA1KgAwIBAgIBATANBg
> > kqhkiG9w0BAQQFADCBoDELMAkGA1UEBhMCQ0gxDTALBgNVBAgT
> > BEJlcm4xDTALBgNVBAcTBEJlcm4xEzARBgNVBAoTCml0U2VydmUgQUcxGDAWBg
> > NVBAsTD0xvaG5z
> > dGFuZGFyZC1DSDEcMBoGA1UEAxMTUmVmQXBwIFBJViBSZWNlaXZlcjEmMCQGCS
> > qGSIb3DQEJARYX
> > bG9obnN0YW5kYXJkQGl0c2VydmUuY2gwHhcNMDQwNzAyMDkwMzU3WhcNMDUwNz
> > AyMDkwMzU3WjCB
> > ....y0PZksq
> > +C8tEO3Xjukv83CklYo6KELoH83sBJBmiXFQs8ClGmBejn/RLnp</wsse:KeyIdentifier></wsse:SecurityTokenReference>
> > </ds:KeyInfo>
> > ...
> >
> > Per the X.509 Certificate Token Profile (section 3.2.1) the ValueType
> > attribute must be
> > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier
> > and should contain the encoded SubjectKeyIdentifier of the certificate
> > and not the entire certificate as above.
> >
> >
> > Is this a bug or am I wrong?
> >
> > Yves
> >
>
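
An added example, not part of the original thread and not WSS4J code: a receiver-side check of the point raised in the quoted message. It reports whether a wsse:KeyIdentifier carries a full certificate or a short identifier, and whether that matches its declared ValueType. The class name, the secext namespace constant and the 20-byte sample value are assumptions constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class KeyIdentifierCheck {
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String X509_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0";

    /** True if the bytes parse as a DER-encoded X.509 certificate. */
    static boolean isCertificate(byte[] der) {
        try {
            CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(der));
            return true;
        } catch (CertificateException e) {
            return false;
        }
    }

    /** Compares what one wsse:KeyIdentifier carries with what its ValueType declares. */
    static String classify(Element keyId) {
        String valueType = keyId.getAttribute("ValueType");
        // The MIME decoder tolerates the line breaks mail and logs insert into Base64.
        byte[] raw = Base64.getMimeDecoder().decode(keyId.getTextContent().trim());
        boolean cert = isCertificate(raw);
        if (valueType.equals(X509_NS + "#X509v3"))
            return cert ? "X509v3: full certificate, " + raw.length + " bytes"
                        : "MISMATCH: X509v3 declared, content is not a certificate";
        if (valueType.equals(X509_NS + "#X509SubjectKeyIdentifier"))
            return cert ? "MISMATCH: SubjectKeyIdentifier declared, content is a full certificate"
                        : "X509SubjectKeyIdentifier: " + raw.length + "-byte identifier";
        return "unhandled ValueType: " + valueType;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: 20 zero bytes standing in for a key identifier value.
        String xml = "<wsse:SecurityTokenReference xmlns:wsse=\"" + WSSE + "\"><wsse:KeyIdentifier ValueType=\""
                + X509_NS + "#X509SubjectKeyIdentifier\">" + Base64.getEncoder().encodeToString(new byte[20])
                + "</wsse:KeyIdentifier></wsse:SecurityTokenReference>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs in SOAP input
        NodeList ids = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getElementsByTagNameNS(WSSE, "KeyIdentifier");
        for (int i = 0; i < ids.getLength(); i++)
            System.out.println(classify((Element) ids.item(i)));
    }
}
```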