Here is an example of the service request/response (implemented using the Sun Metro
and XWSS implementation):

SOAP REQUEST:

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                       SOAP-ENV:mustUnderstand="1">
            <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                           wsu:Id="XWSSGID-1222762354020-286584283">
                <wsu:Created>2008-09-30T08:12:33.848Z</wsu:Created>
                <wsu:Expires>2008-09-30T08:17:33.848Z</wsu:Expires>
            </wsu:Timestamp>
            <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                                wsu:Id="XWSSGID-1222762353584894200328">
                <wsse:Username>xxx</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">****</wsse:Password>
                <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">lvRbjXGZuiV4P4gY6p1twUHD</wsse:Nonce>
                <wsu:Created>2008-09-30T08:12:33.848Z</wsu:Created>
            </wsse:UsernameToken>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="XWSSGID-12227623535842138156232">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse SOAP-ENV"/>
                    </ds:CanonicalizationMethod>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
                    <ds:Reference URI="#XWSSGID-1222762354020-1855599201">
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>CHxSJnfhMGMTC3GtOW3pYejzZrU=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#XWSSGID-1222762354020-286584283">
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>XtblRdAi8x2sw8h/Q5rXrKJokA0=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>1n/iMLjPxlIJMH5af0f83TfO9zc=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:KeyName>xxx</ds:KeyName>
                </ds:KeyInfo>
            </ds:Signature>
        </wsse:Security>
    </SOAP-ENV:Header>
    <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                   wsu:Id="XWSSGID-1222762354020-1855599201">
        ---------
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>


SOAP RESPONSE:

<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
    <S:Header>
        <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                       S:mustUnderstand="1">
            <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                           wsu:Id="XWSSGID-1222762114860-553388788">
                <wsu:Created>2008-09-30T08:08:34.813Z</wsu:Created>
                <wsu:Expires>2008-09-30T08:13:34.813Z</wsu:Expires>
            </wsu:Timestamp>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="XWSSGID-12227608541211917696533">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse S"/>
                    </ds:CanonicalizationMethod>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
                    <ds:Reference URI="#XWSSGID-1222762114844-1694795497">
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>kPnbG8DMwnvBzHUgqdfPTBj0Xh0=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#XWSSGID-1222762114860-553388788">
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>ZbhiCs3bpfTnG4usLqVKP+67J48=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>6qawpn6zhmXQi+QA/Q9jMjO/fNY=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:KeyName>xxx</ds:KeyName>
                </ds:KeyInfo>
            </ds:Signature>
        </wsse:Security>
    </S:Header>
    <S:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            wsu:Id="XWSSGID-1222762114844-1694795497">
        -------
    </S:Body>
</S:Envelope>

*Your help is much appreciated* !!!

Many Thanks,
Dejan

2008/9/29 Ruchith Fernando <[EMAIL PROTECTED]>

> I don't think your scenario is directly supported by Rampart (either
> with 1.0 config or policy based config) ...
>
> But if you use WSS4J directly the way Rampart uses it then you
> probably should be able to do this.
>
> Do you have any sample messages or the policy of the service?
>
> Thanks,
> Ruchith
>
> On Mon, Sep 29, 2008 at 2:29 PM, Dejan <[EMAIL PROTECTED]> wrote:
> > I'm trying to use Rampart to encrypt my message body using a symmetric
> > secret key. Sample 9, included with the Rampart distribution, does just
> > this. The actual key is hard-coded in a callback function. My
> > understanding is that the key (EmbeddedKeyName) is the only piece of data
> > needed to encode the message. Please correct me if I am wrong.
> >
> > I was wondering why this part of the client config file:
> >
> > <action>
> > <items>Encrypt</items>
> > <user>client</user>
> > <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
> > <EmbeddedKeyCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</EmbeddedKeyCallbackClass>
> > <encryptionPropFile>client.properties</encryptionPropFile>
> > <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
> > </action>
> >
> > contains the encryptionPropFile property.
> > Why do we need client.properties in this case? I do not understand why
> > Rampart needs the keystore in this case. I'm not using public/private
> > keys or certificates, just one secret key.
> >
> > The service side security is implemented using the SUN Metro and XWSS
> > implementation. From the WS provider I got for my client the
> > username/password, a client shared secret to encrypt and a service shared
> > secret to decrypt. The symmetric key is computed at runtime
> > programmatically, generating for a given shared secret an AES256 key and
> > using the Decryption/EncryptionKeyCallback.
> >
> > My problem is to translate this using the Rampart and WSS4J
> > implementation. Is this scenario supported in Rampart? If so, can you
> > point me in the right direction?
> >
> >
> > Thanks in advance,
> > Dejan
> >
> > 2008/9/29 Ruchith Fernando <[EMAIL PROTECTED]>
> >
> >> There were some discussions on the WS-SX TC about this :
> >>
> >> Please see the following :
> >>
> >> http://lists.oasis-open.org/archives/ws-sx/200801/msg00011.html
> >>
> >> The issue # is 163 :
> >>
> >> http://lists.oasis-open.org/archives/ws-sx/200802/msg00014.html
> >>
> >> I think we can improve rampart to support this scenario.
> >> Nandana can you please confirm whether this is already available?
> >>
> >> Thanks,
> >> Ruchith
> >>
> >>
> >> On Mon, Sep 29, 2008 at 4:26 AM, Dejan <[EMAIL PROTECTED]> wrote:
> >> > Hi,
> >> >
> >> > When the client and service already have a shared key, can I use that
> >> > to sign and encrypt? Do I still need client.properties, and how do I
> >> > define this in the policy.xml in that case? Where should I store the
> >> > shared secret?
> >> > Is there any client sample that does this? I checked sample09 from the
> >> > rampart installation but it's not clear to me how to use
> >> > <EmbeddedKeyName>SessionKey</EmbeddedKeyName>.
> >> >
> >> > *Any help is much appreciated* !
> >> >
> >>
> >>
> >>
> >> --
> >> http://blog.ruchith.org
> >>
> >
>
>
>
> --
> http://blog.ruchith.org
>

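The UsernameToken in the request above carries a PasswordDigest, a Base64 Nonce and a Created time, and the Timestamp gives the message a five-minute validity window. As an added example (not code from this thread, nor from Rampart, WSS4J or XWSS), here is how a service can recompute that digest per the UsernameToken Profile 1.0 the message references and reject stale or replayed tokens; the password value, the user store and the five-minute skew are assumptions, since the post masks the password.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Constructed sample values modelled on the request in the thread; the real
# password is masked ("****") in the post, so "secret" is an assumption.
NONCE_B64 = "lvRbjXGZuiV4P4gY6p1twUHD"
CREATED = "2008-09-30T08:12:33.848Z"
PASSWORD = "secret"


def password_digest(nonce_b64, created, password):
    """PasswordDigest = Base64(SHA-1(nonce_bytes + created + password)),
    as defined by the WSS UsernameToken Profile 1.0. The nonce is hashed as
    raw bytes, not as its Base64 text."""
    nonce = base64.b64decode(nonce_b64)
    h = hashlib.sha1(nonce + created.encode("utf-8") + password.encode("utf-8"))
    return base64.b64encode(h.digest()).decode("ascii")


def parse_utc(ts):
    """Parse the wsu:Created form used in the sample (millisecond UTC)."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


class UsernameTokenVerifier:
    """Service-side check: recompute the digest from the stored password,
    reject Created values outside the freshness window, and reject a
    (nonce, created) pair that was already accepted (replay)."""

    def __init__(self, passwords, skew=timedelta(minutes=5)):
        self.passwords = passwords   # username -> password (constructed store)
        self.skew = skew             # assumed window, matching the sample's Timestamp
        self.seen = set()            # accepted (nonce, created) pairs

    def verify(self, username, digest, nonce_b64, created, now):
        password = self.passwords.get(username)
        if password is None:
            return False, "unknown user"
        if abs(now - parse_utc(created)) > self.skew:
            return False, "created outside freshness window"
        if (nonce_b64, created) in self.seen:
            return False, "nonce replayed"
        expected = password_digest(nonce_b64, created, password)
        if not hmac.compare_digest(expected, digest):   # constant-time compare
            return False, "digest mismatch"
        self.seen.add((nonce_b64, created))
        return True, "ok"
```

A production nonce cache would expire entries after the freshness window rather than growing without bound.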