Werner,

You're right, I confused the parameters. I'll try it later.

Thanks,
Yves

On Mon, 2005-03-21 at 12:44 +0100, Dittmann Werner wrote:
> Yves,
>
> after looking at the params then, at least for encryption,
> it's all ok. You specify "X509KeyIdentifier" for encryption.
> That means that the CERT is inserted in the way seen in the
> request. This method was specified in a previous version
> of the WSS specifications, the current specs don't mention it,
> mainly because of security reasons.
>
> To achieve the behaviour you would like (SubjectKeyIdentifier)
> you shall define "SKIKeyIdentifier" as the way to
> identify the key.
>
> Can you give it a try?
>
> Regards,
> Werner
>
> > -----Original Message-----
> > From: Yves Langisch [mailto:[EMAIL PROTECTED]
> > Sent: Monday, 21 March 2005 12:14
> > To: Dittmann Werner
> > Cc: fx-dev
> > Subject: Re: AW: SecurityTokenReference issue?
> >
> >
> > Werner,
> >
> > Here we go:
> >
> > private void setOptions() throws ConfigurationException {
> >     this.setOption(WSHandlerConstants.MUST_UNDERSTAND,
> >         ApplicationProperties.instance().getProperty("security.piv.receiver.securityhandler.mustunderstand"));
> >
> >     // Use AES-256
> >     this.setOption(WSHandlerConstants.ENC_SYM_ALGO,
> >         WSConstants.AES_256);
> >
> >     // Keystore
> >     this.setOption(WSHandlerConstants.ENCRYPTION_USER,
> >         ApplicationProperties.instance().getProperty("security.piv.receiver.encryptionhandler.alias"));
> >     this.setOption(WSHandlerConstants.USER,
> >         ApplicationProperties.instance().getProperty("security.piv.receiver.securityhandler.alias"));
> >
> >     this.setOption(WSHandlerConstants.ENC_KEY_ID,
> >         ApplicationProperties.instance().getProperty("security.piv.receiver.encryptionhandler.key.id"));
> >     this.setOption(WSHandlerConstants.SIG_KEY_ID,
> >         ApplicationProperties.instance().getProperty("security.piv.receiver.securityhandler.key.id"));
> >
> >     this.setOption(WSHandlerConstants.SIGNATURE_PARTS,
> >         ApplicationProperties.instance().getProperty("security.piv.receiver.securityhandler.parts"));
> >     this.setOption(WSHandlerConstants.ENCRYPTION_PARTS,
> >         ApplicationProperties.instance().getProperty("security.piv.receiver.encryptionhandler.parts"));
> >
> >     this.setOption(WSHandlerConstants.ENC_PROP_FILE,
> >         ApplicationProperties.instance().getProperty("security.piv.receiver.propfile"));
> >     this.setOption(WSHandlerConstants.DEC_PROP_FILE,
> >         ApplicationProperties.instance().getProperty("security.piv.receiver.propfile"));
> >     this.setOption(WSHandlerConstants.SIG_PROP_FILE,
> >         ApplicationProperties.instance().getProperty("security.piv.receiver.propfile"));
> >
> >     this.setOption(WSHandlerConstants.PW_CALLBACK_CLASS,
> >         ApplicationProperties.instance().getProperty("security.piv.receiver.password.callback.class"));
> > }
> >
> >
> > The properties above are set as follows:
> >
> > security.piv.receiver.propfile=receiver.secproperties
> > security.piv.receiver.password.callback.class=x.y.z.PWCallback
> >
> > security.piv.receiver.securityhandler.ttl=300
> >
> > security.piv.receiver.securityhandler.parts={}{http://schemas.xmlsoap.org/soap/envelope/}Body;{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp
> > security.piv.receiver.securityhandler.mustunderstand=false
> > security.piv.receiver.securityhandler.alias=refapp piv receiver
> > security.piv.receiver.securityhandler.key.id=DirectReference
> >
> > security.piv.receiver.encryptionhandler.parts={}{http://schemas.xmlsoap.org/soap/envelope/}Body
> > security.piv.receiver.encryptionhandler.alias=refapp piv transmitter
> > security.piv.receiver.encryptionhandler.key.id=X509KeyIdentifier
> >
> > Regards,
> > Yves
> >
> > On Mon, 2005-03-21 at 07:41 +0100, Dittmann Werner wrote:
> > > Yves,
> > >
> > > can you send the deployment params you use? Did
> > > it work before, or did you modify some parts,
> > > e.g. downloading a new version of WSS4J?
> > >
> > > Thanks,
> > > Werner
> > >
> > > > -----Original Message-----
> > > > From: Yves Langisch [mailto:[EMAIL PROTECTED]
> > > > Sent: Friday, 18 March 2005 16:34
> > > > To: fx-dev
> > > > Subject: SecurityTokenReference issue?
> > > >
> > > >
> > > > All,
> > > >
> > > > If I use a reference to a subject key identifier I got the
> > > > following on the wire:
> > > >
> > > > ...
> > > > <wsse:SecurityTokenReference><wsse:KeyIdentifier
> > > > EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> > > > ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIID6TCCA1KgAwIBAgIBATANBg
> > > > kqhkiG9w0BAQQFADCBoDELMAkGA1UEBhMCQ0gxDTALBgNVBAgT
> > > > BEJlcm4xDTALBgNVBAcTBEJlcm4xEzARBgNVBAoTCml0U2VydmUgQUcxGDAWBg
> > > > NVBAsTD0xvaG5z
> > > > dGFuZGFyZC1DSDEcMBoGA1UEAxMTUmVmQXBwIFBJViBSZWNlaXZlcjEmMCQGCS
> > > > qGSIb3DQEJARYX
> > > > bG9obnN0YW5kYXJkQGl0c2VydmUuY2gwHhcNMDQwNzAyMDkwMzU3WhcNMDUwNz
> > > > AyMDkwMzU3WjCB
> > > > ....y0PZksq
> > > > +C8tEO3Xjukv83CklYo6KELoH83sBJBmiXFQs8ClGmBejn/RLnp</wsse:KeyIdentifier></wsse:SecurityTokenReference>
> > > > </ds:KeyInfo>
> > > > ...
> > > >
> > > > Per the X.509 Certificate Token Profile (section 3.2.1) the ValueType
> > > > attribute must be
> > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier
> > > > and should contain the encoded SubjectKeyIdentifier of the certificate
> > > > and not the entire certificate as above.
> > > >
> > > > Is this a bug or am I wrong?
> > > >
> > > > Yves
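
The difference discussed in this thread, as an added example that is not part of the original messages and is not WSS4J code: a Python check that reads each wsse:KeyIdentifier in a SecurityTokenReference and reports whether it carries a SubjectKeyIdentifier or a whole DER-encoded certificate. The helper names, the DER heuristic and both sample payloads are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# Namespace and ValueType URIs from the WSS 1.0 specifications.
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0"
SKI_TYPE = PROFILE + "#X509SubjectKeyIdentifier"
CERT_TYPE = PROFILE + "#X509v3"

def looks_like_der_sequence(raw):
    """Heuristic: raw is one DER SEQUENCE whose length field covers all of raw."""
    if len(raw) < 4 or raw[0] != 0x30:
        return False
    if raw[1] < 0x80:                       # short-form length
        return 2 + raw[1] == len(raw)
    n = raw[1] & 0x7F                       # long form: n length octets follow
    if n == 0 or len(raw) < 2 + n:
        return False
    return 2 + n + int.from_bytes(raw[2:2 + n], "big") == len(raw)

def classify_key_identifiers(xml_text):
    """Return (ValueType fragment, decoded length, verdict) per wsse:KeyIdentifier."""
    results = []
    # Assumption: xml_text is a trusted capture; harden the parser for untrusted input.
    for kid in ET.fromstring(xml_text).iter("{%s}KeyIdentifier" % WSSE):
        vtype = kid.get("ValueType", "")
        raw = base64.b64decode("".join((kid.text or "").split()))
        if looks_like_der_sequence(raw):
            verdict = "full-certificate"    # whole cert embedded, as in the thread
        elif vtype == SKI_TYPE:
            verdict = "ski"
        else:
            verdict = "unknown"
        results.append((vtype.rpartition("#")[2], len(raw), verdict))
    return results

def sample_reference(value_type, payload):
    """Build a constructed SecurityTokenReference around payload bytes."""
    return ('<wsse:SecurityTokenReference xmlns:wsse="%s"><wsse:KeyIdentifier '
            'ValueType="%s">%s</wsse:KeyIdentifier></wsse:SecurityTokenReference>'
            % (WSSE, value_type, base64.b64encode(payload).decode()))

# Constructed payloads: a DER-shaped 260-byte stand-in (not a real certificate)
# and a 20-byte stand-in for a SubjectKeyIdentifier value.
FAKE_CERT = b"\x30\x82\x01\x00" + bytes(256)
FAKE_SKI = bytes(range(1, 21))

if __name__ == "__main__":
    for vt, body in ((CERT_TYPE, FAKE_CERT), (SKI_TYPE, FAKE_SKI), (SKI_TYPE, FAKE_CERT)):
        print(classify_key_identifiers(sample_reference(vt, body)))
```

The third sample shows why the check looks at the decoded bytes and not only at the ValueType attribute: a reference labelled as a SubjectKeyIdentifier that still embeds a certificate is reported as "full-certificate".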
