You probably need to subclass the WSS4JInInterceptor and override the
method:
protected boolean verifyTrust(X509Certificate cert, RequestData reqData)
throws WSSecurityException
Dan
cLaSic wrote:
>
> Hi,
>
> What if the Server got 3 public keys (alias1, alias2, alias3) and we want
> to use only the second one to verify the signature! How can we do this
> with CXF? I believe that we have to override something in the IN
> interceptor.
>
> Regards,
> cLaSic
>
>
> Mayank Mishra-3 wrote:
>>
>> Hi,
>>
>> One way of doing this is by specifying Alias name in trust store related
>> assertions/configuration specified using the WS-Security Policy. You can
>> specify this assertion at policy bound to Binding/Port/Service level.
>>
>> But since the scenario has different client each with its own private
>> key, either you can use the BST signature key reference Identifier in
>> which client sends the public certificate embedded in the secured
>> message.
>> or in the WS-SecurityPolicy, you can specify a KeyValueToken as a
>> token type, then the Security engine would output an RSAKeyValue key in
>> the security header which is the public key certificate I guess.
>>
>> But in both cases, on the receiving side, we need to write a callback
>> handler to extract, validate and reinsert the certificate in the context
>> to use it.
>>
>> With Regards,
>> Mayank
>>
>> cLaSic wrote:
>>> Hi all,
>>>
>>> I have a general question about WS-Security: how does the server select a
>>> certificate from the truststore to authenticate the client signature? We
>>> suppose that we have a lot of clients, and each one has its private key;
>>> of course the server also has each client's public key.
>>>
>>> Regards,
>>> cLaSic
>>>
>>
>>
>>
>
--
View this message in context:
http://www.nabble.com/WS-Security-how-the-server-select-a-certificate-tp25795612p25876793.html
Sent from the cxf-user mailing list archive at Nabble.com.
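Dan's suggestion, worked out as an added example (not code from the thread or from CXF itself): a subclass of WSS4JInInterceptor whose verifyTrust override accepts a signature only when the signing certificate is the one stored under one configured truststore alias, then hands off to the standard WSS4J trust check. The class name, the constructor parameters (truststore path, password, expected alias) and the WSS4J 1.5-era package names for RequestData and WSSecurityException are assumptions; the verifyTrust signature is the one from the thread.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Map;

import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;

/**
 * Pins signature verification to a single truststore entry (hypothetical class).
 * Any signer certificate other than the one under the configured alias is
 * rejected before WSS4J's normal trust/validity check runs.
 */
public class SingleAliasWSS4JInInterceptor extends WSS4JInInterceptor {

    private final X509Certificate expected;

    public SingleAliasWSS4JInInterceptor(Map<String, Object> props,
                                         String trustStorePath,   // assumed config values
                                         char[] trustStorePassword,
                                         String expectedAlias) throws Exception {
        super(props);
        // Load the truststore with the plain JDK API so the pinned cert is read once, at startup.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(trustStorePath);
        try {
            ks.load(in, trustStorePassword);
        } finally {
            in.close();
        }
        Certificate c = ks.getCertificate(expectedAlias);
        if (!(c instanceof X509Certificate)) {
            throw new IllegalArgumentException("no X.509 certificate under alias " + expectedAlias);
        }
        expected = (X509Certificate) c;
    }

    @Override
    protected boolean verifyTrust(X509Certificate cert, RequestData reqData)
            throws WSSecurityException {
        // Certificate.equals() compares the DER encoding, so a different
        // certificate carrying the same subject DN is rejected as well.
        if (cert == null || !cert.equals(expected)) {
            return false; // WSS4J then fails the signature check
        }
        // Pinned cert matched: still run the regular chain/validity check on it.
        return super.verifyTrust(cert, reqData);
    }
}
```

Register the subclass in place of the stock WSS4JInInterceptor on the endpoint's in-interceptor chain; a rejected signer then fails with the usual WSS4J security fault, which is worth logging for detection of unexpected client certificates.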