Thanks Colm.

I tried to mix them to see whether I could get some feedback from the service. It's
a .NET service and I have only a .pfx file and a .cer certificate.

Most examples I saw have a CXF service and client. What I wanted to know
initially is whether it is possible to communicate with this service given all the
assertions shown in the WSDL.

When I tried to access it I got "no signature token" and, debugging CXF, I
need to set the property "ws-security.token".

This property expects a "SecurityToken" object, which I don't know how to
create or get.

If you recognize this behavior please tell me; it will be a good help.

Regards,

Nícolas Fontenele


From: Colm O hEigeartaigh [mailto:[email protected]]
Sent: Monday, 3 September 2012 09:57
To: Nicolas Frota
Cc: [email protected]
Subject: Re: Using cxf with X509v3 certificates

As Glen said, you are mixing two different types of configuration. For the
WS-SecurityPolicy case you do not need to add any interceptors, as the
policy-based interceptors are added automatically when the WSDL contains
WS-SecurityPolicy expressions. See the WS-Security example system tests for
some configuration examples:

https://svn.apache.org/repos/asf/cxf/trunk/systests/ws-security-examples/

Colm.

On Wed, Aug 29, 2012 at 9:19 PM, Nícolas Fontenele <[email protected]> wrote:

Thanks Glen. Do you know of any examples of WS-SecPol only?
What I did was set some properties in the request context that I saw in the
documentation http://cxf.apache.org/docs/ws-securitypolicy.html .
The funny thing is that CXF asks for the property below:

Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();

ctx.put("ws-security.token", new SecurityToken());

which isn't written in the documentation. Do you have any idea which token
I should put there?

Best Regards,

Nícolas Fontenele



-----Original Message-----
From: Glen Mazza [mailto:[email protected]]
Sent: Tuesday, 28 August 2012 16:43
To: [email protected]
Subject: Re: Using cxf with X509v3 certificates

 From your earlier email you're using WS-SecurityPolicy in your WSDL, so you
shouldn't be using the WSS4J Out/In interceptors--that's strictly for
non-WS-SecPol use.

Glen

On 08/28/2012 03:28 PM, Nícolas Fontenele wrote:
> I'm also adding my code here.
> Thanks!!
>
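> import java.net.MalformedURLException;
> import java.util.HashMap;
> import java.util.Map;
>
> import javax.xml.ws.BindingProvider;
>
> import org.apache.cxf.frontend.ClientProxy;
> import org.apache.cxf.ws.security.tokenstore.SecurityToken;
> import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
> import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
> // WSS4J 1.x package name, as used by CXF 2.x
> import org.apache.ws.security.handler.WSHandlerConstants;
>
> public class Client {
>
>      private static final String WSU_NS =
>              "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";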
>
>      public static void main(String args[]) {
>
>       try {
>           // 02c6b75f-5fc8-4c05-a79f-78fa1ded10e1
>           WSS4JOutInterceptor wssOut = createOutProperties();
>           WSS4JInInterceptor wssIn = createInProperties();
>
>           SecGtwService service = new SecGtwService(
>                   new java.net.URL(
>                           "http://nrio083fcom.develop.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?wsdl"));
>           ISecGtwServiceContract port = service.getCertificateEndPoint();
>
>           org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
>
>           client.getInInterceptors().add(wssIn);
>           client.getOutInterceptors().add(wssOut);
>
>           Map<String, Object> ctx = ((BindingProvider) port)
>                   .getRequestContext();
>
>           ctx.put("ws-security.token", new SecurityToken());
>           System.out.println(port.whoIAm());
>
>       } catch (MalformedURLException e) {
>           // TODO Auto-generated catch block
>           e.printStackTrace();
>       }
>
>      }
>
>      private static WSS4JInInterceptor createInProperties() {
>       Map<String, Object> inProps = new HashMap<String, Object>();
>       inProps.put(WSHandlerConstants.ACTION,
>               "UsernameToken Timestamp Signature Encrypt");
>       inProps.put("passwordType", "PasswordText");
>       inProps.put("passwordCallbackClass",
>               ClientPasswordCallback.class.getName());
>       inProps.put("decryptionPropFile", "etc/client_enc.properties");
>       inProps.put("encryptionKeyIdentifier", "IssuerSerial");
>
>       inProps.put("signaturePropFile", "etc/client_sign.properties");
>       inProps.put("signatureKeyIdentifier", "DirectReference");
>
>       return new WSS4JInInterceptor(inProps);
>
>      }
>
>      private static WSS4JOutInterceptor createOutProperties() {
>       Map<String, Object> outProps = new HashMap<String, Object>();
>       outProps.put(WSHandlerConstants.ACTION,
>               "UsernameToken Timestamp Signature Encrypt");
>       outProps.put("passwordType", "PasswordDigest");
>
>       outProps.put(WSHandlerConstants.USER,
>               "02c6b75f-5fc8-4c05-a79f-78fa1ded10e1");
>       outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
>               ClientPasswordCallback.class.getName());
>
>       outProps.put("encryptionUser", "pub");
>       outProps.put(WSHandlerConstants.ENC_PROP_FILE,
>               "etc/client_enc.properties");
>
>       outProps.put("encryptionKeyIdentifier", "IssuerSerial");
>       outProps.put("encryptionParts", "{Element}{" + WSU_NS + "}Timestamp;"
>               + "{Content}" + "{http://www.w3.org/2003/05/soap-envelope}Body");
>
>       outProps.put(WSHandlerConstants.SIG_PROP_FILE,
>               "etc/client_sign.properties");
>
>       outProps.put("signatureKeyIdentifier", "DirectReference");
>       outProps.put("signatureParts", "{Element}{" + WSU_NS + "}Timestamp;"
>               + "{Element}" + "{http://www.w3.org/2003/05/soap-envelope}Body");
>
>       return new WSS4JOutInterceptor(outProps);
>
>      }
>
> }
>
> -----Original Message-----
> From: Nícolas Fontenele [mailto:[email protected]]
> Sent: Tuesday, 28 August 2012 15:11
> To: [email protected]; [email protected]
> Subject: RE: Using cxf with X509v3 certificates
>
> Thanks for the answer, I'll paste the WSDL here.
> What I have been trying is to use the WSS4J interceptors, as I can see in some
> examples.
> I imported both certificates into my keystore and I can see while debugging
> that the password handler gets the keys from it.
> My problem right now is that CXF is expecting an initial token (of
> class SecurityToken) in the request context property
> "ws-security.token". I saw it while debugging.
> Is it correct to use this property?
> I saw that the WS-Security samples only set properties on the
> interceptors and not in the request context of the client.
> And if this behavior is correct, how can I create this token? Should
> I use another property?
>
> The WSDL is below, any idea?
> Thanks!
>
> <?xml version="1.0" encoding="utf-8"?>
> <wsdl:definitions
>     xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
>     xmlns:wsa10="http://www.w3.org/2005/08/addressing"
>     xmlns:tns="http://tempuri.org/"
>     xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract"
>     xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
>     xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>     xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
>     xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
>     xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
>     xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
>     xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>     xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>     name="SecGtwService" targetNamespace="http://tempuri.org/"
>     xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
>    <wsp:Policy wsu:Id="CertificateEndPoint_policy">
>      <wsp:ExactlyOne>
>        <wsp:All>
>          <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>            <wsp:Policy>
>              <sp:ProtectionToken>
>                <wsp:Policy>
>                  <sp:SecureConversationToken
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>                    <wsp:Policy>
>                      <sp:RequireDerivedKeys />
>                      <sp:BootstrapPolicy>
>                        <wsp:Policy>
>                          <sp:SignedParts>
>                            <sp:Body />
>                            <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
>                            <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
>                            <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
>                            <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
>                            <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
>                            <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
>                            <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
>                          </sp:SignedParts>
>                          <sp:EncryptedParts>
>                            <sp:Body />
>                          </sp:EncryptedParts>
>                          <sp:SymmetricBinding>
>                            <wsp:Policy>
>                              <sp:ProtectionToken>
>                                <wsp:Policy>
>                                  <mssp:SslContextToken
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
> xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy">
>                                    <wsp:Policy>
>                                      <sp:RequireDerivedKeys />
>                                      <mssp:RequireClientCertificate />
>                                    </wsp:Policy>
>                                  </mssp:SslContextToken>
>                                </wsp:Policy>
>                              </sp:ProtectionToken>
>                              <sp:AlgorithmSuite>
>                                <wsp:Policy>
>                                  <sp:Basic256 />
>                                </wsp:Policy>
>                              </sp:AlgorithmSuite>
>                              <sp:Layout>
>                                <wsp:Policy>
>                                  <sp:Strict />
>                                </wsp:Policy>
>                              </sp:Layout>
>                              <sp:IncludeTimestamp />
>                              <sp:EncryptSignature />
>                              <sp:OnlySignEntireHeadersAndBody />
>                            </wsp:Policy>
>                          </sp:SymmetricBinding>
>                          <sp:Wss11>
>                            <wsp:Policy />
>                          </sp:Wss11>
>                          <sp:Trust10>
>                            <wsp:Policy>
>                              <sp:MustSupportIssuedTokens />
>                              <sp:RequireClientEntropy />
>                              <sp:RequireServerEntropy />
>                            </wsp:Policy>
>                          </sp:Trust10>
>                        </wsp:Policy>
>                      </sp:BootstrapPolicy>
>                    </wsp:Policy>
>                  </sp:SecureConversationToken>
>                </wsp:Policy>
>              </sp:ProtectionToken>
>              <sp:AlgorithmSuite>
>                <wsp:Policy>
>                  <sp:Basic256 />
>                </wsp:Policy>
>              </sp:AlgorithmSuite>
>              <sp:Layout>
>                <wsp:Policy>
>                  <sp:Strict />
>                </wsp:Policy>
>              </sp:Layout>
>              <sp:IncludeTimestamp />
>              <sp:EncryptSignature />
>              <sp:OnlySignEntireHeadersAndBody />
>            </wsp:Policy>
>          </sp:SymmetricBinding>
>          <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>            <wsp:Policy />
>          </sp:Wss11>
>          <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>            <wsp:Policy>
>              <sp:MustSupportIssuedTokens />
>              <sp:RequireClientEntropy />
>              <sp:RequireServerEntropy />
>            </wsp:Policy>
>          </sp:Trust10>
>          <wsaw:UsingAddressing />
>        </wsp:All>
>      </wsp:ExactlyOne>
>    </wsp:Policy>
>    <wsp:Policy wsu:Id="CertificateEndPoint_AuthenticateService_Input_policy">
>      <wsp:ExactlyOne>
>        <wsp:All>
>          <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>            <sp:Body />
>            <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
>          </sp:SignedParts>
>          <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>            <sp:Body />
>          </sp:EncryptedParts>
>        </wsp:All>
>      </wsp:ExactlyOne>
>    </wsp:Policy>
>    <wsp:Policy
> wsu:Id="CertificateEndPoint_AuthenticateService_output_policy">
>      <wsp:ExactlyOne>
>        <wsp:All>
>          <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>            <sp:Body />
>            <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
>          </sp:SignedParts>
>          <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>            <sp:Body />
>          </sp:EncryptedParts>
>        </wsp:All>
>      </wsp:ExactlyOne>
>    </wsp:Policy>
>    <wsp:Policy
> wsu:Id="CertificateEndPoint_ValidadeTokenService_Input_policy">
>      <wsp:ExactlyOne>
>        <wsp:All>
>          <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>            <sp:Body />
>            <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
>          </sp:SignedParts>
>          <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>            <sp:Body />
>          </sp:EncryptedParts>
>        </wsp:All>
>      </wsp:ExactlyOne>
>    </wsp:Policy>
>    <wsp:Policy
> wsu:Id="CertificateEndPoint_ValidadeTokenService_output_policy">
>      <wsp:ExactlyOne>
>        <wsp:All>
>          <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>            <sp:Body />
>            <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
>          </sp:SignedParts>
>          <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>            <sp:Body />
>          </sp:EncryptedParts>
>        </wsp:All>
>      </wsp:ExactlyOne>
>    </wsp:Policy>
>    <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_Input_policy">
>      <wsp:ExactlyOne>
>        <wsp:All>
>          <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>            <sp:Body />
>            <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
>          </sp:SignedParts>
>          <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>            <sp:Body />
>          </sp:EncryptedParts>
>        </wsp:All>
>      </wsp:ExactlyOne>
>    </wsp:Policy>
>    <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_output_policy">
>      <wsp:ExactlyOne>
>        <wsp:All>
>          <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>            <sp:Body />
>            <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
>            <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
>          </sp:SignedParts>
>          <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>            <sp:Body />
>          </sp:EncryptedParts>
>        </wsp:All>
>      </wsp:ExactlyOne>
>    </wsp:Policy>
>    <wsdl:types>
>      <xsd:schema targetNamespace="http://tempuri.org/Imports">
>        <xsd:import
> schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd0"
> namespace="http://tempuri.org/" />
>        <xsd:import
> schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd1"
> namespace="http://schemas.microsoft.com/2003/10/Serialization/" />
>        <xsd:import
> schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd2"
> namespace="http://schemas.datacontract.org/2004/07/Pactual.SecureGateway.Services.Contracts" />
>      </xsd:schema>
>    </wsdl:types>
>    <wsdl:message
> name="ISecGtwServiceContract_AuthenticateService_InputMessage">
>      <wsdl:part name="parameters" element="tns:AuthenticateService" />
>    </wsdl:message>
>    <wsdl:message
> name="ISecGtwServiceContract_AuthenticateService_OutputMessage">
>      <wsdl:part name="parameters" element="tns:AuthenticateServiceResponse" />
>    </wsdl:message>
>    <wsdl:message
> name="ISecGtwServiceContract_ValidadeTokenService_InputMessage">
>      <wsdl:part name="parameters" element="tns:ValidadeTokenService" />
>    </wsdl:message>
>    <wsdl:message
> name="ISecGtwServiceContract_ValidadeTokenService_OutputMessage">
>      <wsdl:part name="parameters" element="tns:ValidadeTokenServiceResponse" />
>    </wsdl:message>
>    <wsdl:message name="ISecGtwServiceContract_WhoIAm_InputMessage">
>      <wsdl:part name="parameters" element="tns:WhoIAm" />
>    </wsdl:message>
>    <wsdl:message name="ISecGtwServiceContract_WhoIAm_OutputMessage">
>      <wsdl:part name="parameters" element="tns:WhoIAmResponse" />
>    </wsdl:message>
>    <wsdl:portType name="ISecGtwServiceContract">
>      <wsdl:operation name="AuthenticateService">
>        <wsdl:input
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
> message="tns:ISecGtwServiceContract_AuthenticateService_InputMessage" />
>        <wsdl:output
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateServiceResponse"
> message="tns:ISecGtwServiceContract_AuthenticateService_OutputMessage" />
>      </wsdl:operation>
>      <wsdl:operation name="ValidadeTokenService">
>        <wsdl:input
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
> message="tns:ISecGtwServiceContract_ValidadeTokenService_InputMessage" />
>        <wsdl:output
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenServiceResponse"
> message="tns:ISecGtwServiceContract_ValidadeTokenService_OutputMessage" />
>      </wsdl:operation>
>      <wsdl:operation name="WhoIAm">
>        <wsdl:input
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
> message="tns:ISecGtwServiceContract_WhoIAm_InputMessage" />
>        <wsdl:output
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAmResponse"
> message="tns:ISecGtwServiceContract_WhoIAm_OutputMessage" />
>      </wsdl:operation>
>    </wsdl:portType>
>    <wsdl:binding name="CertificateEndPoint" type="tns:ISecGtwServiceContract">
>      <wsp:PolicyReference URI="#CertificateEndPoint_policy" />
>      <soap12:binding transport="http://schemas.xmlsoap.org/soap/http" />
>      <wsdl:operation name="AuthenticateService">
>        <soap12:operation
> soapAction="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
> style="document" />
>        <wsdl:input>
>          <wsp:PolicyReference
> URI="#CertificateEndPoint_AuthenticateService_Input_policy" />
>          <soap12:body use="literal" />
>        </wsdl:input>
>        <wsdl:output>
>          <wsp:PolicyReference
> URI="#CertificateEndPoint_AuthenticateService_output_policy" />
>          <soap12:body use="literal" />
>        </wsdl:output>
>      </wsdl:operation>
>      <wsdl:operation name="ValidadeTokenService">
>        <soap12:operation
> soapAction="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
> style="document" />
>        <wsdl:input>
>          <wsp:PolicyReference
> URI="#CertificateEndPoint_ValidadeTokenService_Input_policy" />
>          <soap12:body use="literal" />
>        </wsdl:input>
>        <wsdl:output>
>          <wsp:PolicyReference
> URI="#CertificateEndPoint_ValidadeTokenService_output_policy" />
>          <soap12:body use="literal" />
>        </wsdl:output>
>      </wsdl:operation>
>      <wsdl:operation name="WhoIAm">
>        <soap12:operation
> soapAction="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
> style="document" />
>        <wsdl:input>
>          <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_Input_policy" />
>          <soap12:body use="literal" />
>        </wsdl:input>
>        <wsdl:output>
>          <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_output_policy" />
>          <soap12:body use="literal" />
>        </wsdl:output>
>      </wsdl:operation>
>    </wsdl:binding>
>    <wsdl:service name="SecGtwService">
>      <wsdl:port name="CertificateEndPoint" binding="tns:CertificateEndPoint">
>        <soap12:address
> location="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc" />
>        <wsa10:EndpointReference>
>          <wsa10:Address>http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc</wsa10:Address>
>          <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
>            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>              <X509Data>
>              </X509Data>
>            </KeyInfo>
>          </Identity>
>        </wsa10:EndpointReference>
>      </wsdl:port>
>    </wsdl:service>
> </wsdl:definitions>
>
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:[email protected]]
> Sent: Tuesday, 28 August 2012 14:45
> To: [email protected]
> Subject: Re: Using cxf with X509v3 certificates
>
> Yes, CXF supports this configuration. Your WSDL did not make it
> through though so I can't tell what the problem is. Try just copying
> and pasting the security binding directly into an email?
>
> Colm.
>
> On Tue, Aug 28, 2012 at 6:20 PM, Nícolas Fontenele <[email protected]> wrote:
>
>> Hi all,
>>
>> I'm developing a client service to consume a .NET service with an
>> X509v3 certificate using WS-Security.
>>
>> The service uses a symmetric binding, with
>> includeToken="prefix/AlwaysToRecipient" and a
>> <sp:ProtectionToken>.
>>
>> I have two certificates, a *.pfx file and a *.cer, which I have to use
>> to access it.
>>
>> My WSDL is attached.
>>
>> My question is: does CXF support this configuration?
>>
>> Best Regards,
>>
>> Nícolas Fontenele
>>
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>




-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
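
Added example, not part of the original thread and not CXF code: a Python walk over the endpoint policy quoted above that reports the binding, the chain of protection tokens it nests, the algorithm suites, and any assertions outside the WS-SecurityPolicy namespace, which is what a client stack must be able to satisfy before policy-based interceptors can build a message. `SAMPLE_POLICY` is a trimmed copy of `CertificateEndPoint_policy` constructed for this example; the function names are assumptions.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"

# Constructed sample: CertificateEndPoint_policy from the thread, trimmed to
# the binding / token structure (attributes and signed parts left out).
SAMPLE_POLICY = """\
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <wsp:ExactlyOne><wsp:All>
    <sp:SymmetricBinding><wsp:Policy>
      <sp:ProtectionToken><wsp:Policy>
        <sp:SecureConversationToken><wsp:Policy>
          <sp:RequireDerivedKeys />
          <sp:BootstrapPolicy><wsp:Policy>
            <sp:SymmetricBinding><wsp:Policy>
              <sp:ProtectionToken><wsp:Policy>
                <mssp:SslContextToken
                    xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy">
                  <wsp:Policy>
                    <sp:RequireDerivedKeys />
                    <mssp:RequireClientCertificate />
                  </wsp:Policy>
                </mssp:SslContextToken>
              </wsp:Policy></sp:ProtectionToken>
              <sp:AlgorithmSuite><wsp:Policy><sp:Basic256 /></wsp:Policy></sp:AlgorithmSuite>
            </wsp:Policy></sp:SymmetricBinding>
          </wsp:Policy></sp:BootstrapPolicy>
        </wsp:Policy></sp:SecureConversationToken>
      </wsp:Policy></sp:ProtectionToken>
      <sp:AlgorithmSuite><wsp:Policy><sp:Basic256 /></wsp:Policy></sp:AlgorithmSuite>
      <sp:IncludeTimestamp />
      <sp:EncryptSignature />
    </wsp:Policy></sp:SymmetricBinding>
  </wsp:All></wsp:ExactlyOne>
</wsp:Policy>
"""


def split_tag(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        ns, _, local = tag[1:].partition("}")
        return ns, local
    return "", tag


def assertions(elem):
    """Yield the assertions directly under elem, looking through the
    wsp:Policy / wsp:ExactlyOne / wsp:All operators that wrap them."""
    for child in elem:
        ns, _ = split_tag(child.tag)
        if ns == WSP:
            yield from assertions(child)
        else:
            yield child


def summarize(policy_xml):
    """Return the binding, nested protection tokens, algorithm suites and
    assertions from namespaces other than WS-Policy / WS-SecurityPolicy."""
    root = ET.fromstring(policy_xml)
    summary = {"binding": None, "token_chain": [],
               "algorithm_suites": [], "outside_sp_namespace": []}
    for top in assertions(root):
        ns, local = split_tag(top.tag)
        if ns == SP and local.endswith("Binding"):
            summary["binding"] = local
    for elem in root.iter():  # document order: outer token first, bootstrap token next
        ns, local = split_tag(elem.tag)
        if ns not in (SP, WSP):
            summary["outside_sp_namespace"].append((ns, local))
        elif (ns, local) == (SP, "ProtectionToken"):
            summary["token_chain"] += [split_tag(t.tag)[1] for t in assertions(elem)]
        elif (ns, local) == (SP, "AlgorithmSuite"):
            summary["algorithm_suites"] += [split_tag(s.tag)[1] for s in assertions(elem)]
    return summary


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_POLICY).items():
        print(f"{key}: {value}")
```
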
