Hi Nicolas,

The approach you are following is not valid. You must not add the WSS4J(Out|In)Interceptors for the security policy case. If you configure WS-SecurityPolicy as per the system tests I show you, does it work?

Colm.

On Mon, Sep 3, 2012 at 6:13 PM, Nícolas Fontenele <[email protected]> wrote:

> Thanks Colm.
>
> I tried to mix to see whether I can get some feedback from the service. It's a .net service and I have only a pfx file and a .cer certifications.
>
> Most examples I saw I have cxf service and client, what I wanted to know initially is that is possible to communicate to this service with all this assertions showed in the wsdl.
>
> When I tried to access I got "no signature token" and debugging CXF I need to set the property "ws-security.token".
>
> This property expects a "SecurityToken" object which I don't know how can I create or get it.
>
> If you recognize this behavior please tell me, will be a good help.
>
> Regards,
>
> Nícolas Fontenele
>
> From: Colm O hEigeartaigh [mailto:[email protected]]
> Sent: Monday, September 3, 2012 09:57
> To: Nicolas Frota
> Cc: [email protected]
> Subject: Re: Using cxf with X509v3 certificates
>
> As Glen said, you are mixing two different types of configuration. For the WS-SecurityPolicy case you do not need to add any interceptors, as the policy-based interceptors are added automatically when the WSDL contains WS-SecurityPolicy expressions. See the WS-Security example system tests for some configuration examples:
>
> https://svn.apache.org/repos/asf/cxf/trunk/systests/ws-security-examples/
>
> Colm.
>
> On Wed, Aug 29, 2012 at 9:19 PM, Nícolas Fontenele <[email protected]> wrote:
>
> Thanks Glen, Do you know some examples of WS-SecPol only?
> What I did is set some properties in the request context that I saw in the documentation http://cxf.apache.org/docs/ws-securitypolicy.html .
> Funny thing is that cxf asks for this property below:
>
> Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
> ctx.put("ws-security.token", new SecurityToken());
>
> which isn't written in the documentation.
> Do you have any idea which token should I put there?
>
> Best Regards,
>
> Nícolas Fontenele
>
> -----Original message-----
> From: Glen Mazza [mailto:[email protected]]
> Sent: Tuesday, August 28, 2012 16:43
> To: [email protected]
> Subject: Re: Using cxf with X509v3 certificates
>
> From your earlier email you're using WS-SecurityPolicy in your WSDL, so you shouldn't be using the WSS4J Out/In interceptors--that's strictly for non-WS-SecPol use.
>
> Glen
>
> On 08/28/2012 03:28 PM, Nícolas Fontenele wrote:
> > I'm also adding my code here.
> > Thanks!!
> >
> > public class Client {
> >
> >     private static final String WSU_NS =
> >         "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> >
> >     public static void main(String args[]) {
> >
> >         try {
> >             // 02c6b75f-5fc8-4c05-a79f-78fa1ded10e1
> >             WSS4JOutInterceptor wssOut = createOutProperties();
> >             WSS4JInInterceptor wssIn = createInProperties();
> >
> >             SecGtwService service = new SecGtwService(
> >                 new java.net.URL(
> >                     "http://nrio083fcom.develop.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?wsdl"));
> >             ISecGtwServiceContract port = service.getCertificateEndPoint();
> >
> >             org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
> >
> >             client.getInInterceptors().add(wssIn);
> >             client.getOutInterceptors().add(wssOut);
> >
> >             Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
> >
> >             ctx.put("ws-security.token", new SecurityToken());
> >             System.out.println(port.whoIAm());
> >
> >         } catch (MalformedURLException e) {
> >             // TODO Auto-generated catch block
> >             e.printStackTrace();
> >         }
> >
> >     }
> >
> >     private static WSS4JInInterceptor createInProperties() {
> >         Map<String, Object> inProps = new HashMap<String, Object>();
> >         inProps.put(WSHandlerConstants.ACTION,
> >             "UsernameToken Timestamp Signature Encrypt");
> >         inProps.put("passwordType", "PasswordText");
> >         inProps.put("passwordCallbackClass",
> >             ClientPasswordCallback.class.getName());
> >         inProps.put("decryptionPropFile", "etc/client_enc.properties");
> >         inProps.put("encryptionKeyIdentifier", "IssuerSerial");
> >
> >         inProps.put("signaturePropFile", "etc/client_sign.properties");
> >         inProps.put("signatureKeyIdentifier", "DirectReference");
> >
> >         return new WSS4JInInterceptor(inProps);
> >
> >     }
> >
> >     private static WSS4JOutInterceptor createOutProperties() {
> >         Map<String, Object> outProps = new HashMap<String, Object>();
> >         outProps.put(WSHandlerConstants.ACTION,
> >             "UsernameToken Timestamp Signature Encrypt");
> >         outProps.put("passwordType", "PasswordDigest");
> >
> >         outProps.put(WSHandlerConstants.USER,
> >             "02c6b75f-5fc8-4c05-a79f-78fa1ded10e1");
> >         outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
> >             ClientPasswordCallback.class.getName());
> >
> >         outProps.put("encryptionUser", "pub");
> >         outProps.put(WSHandlerConstants.ENC_PROP_FILE,
> >             "etc/client_enc.properties");
> >
> >         outProps.put("encryptionKeyIdentifier", "IssuerSerial");
> >         outProps.put("encryptionParts", "{Element}{" + WSU_NS + "}Timestamp;"
> >             + "{Content}" + "{http://www.w3.org/2003/05/soap-envelope}Body");
> >
> >         outProps.put(WSHandlerConstants.SIG_PROP_FILE,
> >             "etc/client_sign.properties");
> >
> >         outProps.put("signatureKeyIdentifier", "DirectReference");
> >         outProps.put("signatureParts", "{Element}{" + WSU_NS + "}Timestamp;"
> >             + "{Element}" + "{http://www.w3.org/2003/05/soap-envelope}Body");
> >
> >         return new WSS4JOutInterceptor(outProps);
> >
> >     }
> > }
> >
> > -----Original message-----
> > From: Nícolas Fontenele [mailto:[email protected]]
> > Sent: Tuesday, August 28, 2012 15:11
> > To: [email protected]; [email protected]
> > Subject: RE: Using cxf with X509v3 certificates
> >
> > Thanks for the answer, I'll paste wsdl
> > here.
> > What I have been trying is to use wss4j interceptors as I can see in some examples.
> > I imported both certificates on my keystore and I can see debugging that the password handler gets the keys from that.
> > My problem right now is that CXF is expecting an initial token (of a class SecurityToken) on the request context property "ws-security.token". I saw it debugging.
> > Is it correct to use this property?
> > I saw in ws security samples that only set properties on the interceptors and not in the requestcontext of the client.
> > And if this behavior is correct, How can I create this token? Should I use another property?
> >
> > Wsdl is below, any idea?
> > Thanks!
> >
> > <?xml version="1.0" encoding="utf-8"?>
> > <wsdl:definitions
> >     xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
> >     xmlns:wsa10="http://www.w3.org/2005/08/addressing"
> >     xmlns:tns="http://tempuri.org/"
> >     xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract"
> >     xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
> >     xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
> >     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> >     xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
> >     xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
> >     xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> >     xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
> >     xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
> >     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> >     xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> >     name="SecGtwService" targetNamespace="http://tempuri.org/"
> >     xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
> >   <wsp:Policy wsu:Id="CertificateEndPoint_policy">
> >     <wsp:ExactlyOne>
> >       <wsp:All>
> >         <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >           <wsp:Policy>
> >             <sp:ProtectionToken>
> >               <wsp:Policy>
> >                 <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> >                   <wsp:Policy>
> >                     <sp:RequireDerivedKeys />
> >                     <sp:BootstrapPolicy>
> >                       <wsp:Policy>
> >                         <sp:SignedParts>
> >                           <sp:Body />
> >                           <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
> >                           <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
> >                           <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
> >                           <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
> >                           <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
> >                           <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
> >                           <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
> >                         </sp:SignedParts>
> >                         <sp:EncryptedParts>
> >                           <sp:Body />
> >                         </sp:EncryptedParts>
> >                         <sp:SymmetricBinding>
> >                           <wsp:Policy>
> >                             <sp:ProtectionToken>
> >                               <wsp:Policy>
> >                                 <mssp:SslContextToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy">
> >                                   <wsp:Policy>
> >                                     <sp:RequireDerivedKeys />
> >                                     <mssp:RequireClientCertificate />
> >                                   </wsp:Policy>
> >                                 </mssp:SslContextToken>
> >                               </wsp:Policy>
> >                             </sp:ProtectionToken>
> >                             <sp:AlgorithmSuite>
> >                               <wsp:Policy>
> >                                 <sp:Basic256 />
> >                               </wsp:Policy>
> >                             </sp:AlgorithmSuite>
> >                             <sp:Layout>
> >                               <wsp:Policy>
> >                                 <sp:Strict />
> >                               </wsp:Policy>
> >                             </sp:Layout>
> >                             <sp:IncludeTimestamp />
> >                             <sp:EncryptSignature />
> >                             <sp:OnlySignEntireHeadersAndBody />
> >                           </wsp:Policy>
> >                         </sp:SymmetricBinding>
> >                         <sp:Wss11>
> >                           <wsp:Policy />
> >                         </sp:Wss11>
> >                         <sp:Trust10>
> >                           <wsp:Policy>
> >                             <sp:MustSupportIssuedTokens />
> >                             <sp:RequireClientEntropy />
> >                             <sp:RequireServerEntropy />
> >                           </wsp:Policy>
> >                         </sp:Trust10>
> >                       </wsp:Policy>
> >                     </sp:BootstrapPolicy>
> >                   </wsp:Policy>
> >                 </sp:SecureConversationToken>
> >               </wsp:Policy>
> >             </sp:ProtectionToken>
> >             <sp:AlgorithmSuite>
> >               <wsp:Policy>
> >                 <sp:Basic256 />
> >               </wsp:Policy>
> >             </sp:AlgorithmSuite>
> >             <sp:Layout>
> >               <wsp:Policy>
> >                 <sp:Strict />
> >               </wsp:Policy>
> >             </sp:Layout>
> >             <sp:IncludeTimestamp />
> >             <sp:EncryptSignature />
> >             <sp:OnlySignEntireHeadersAndBody />
> >           </wsp:Policy>
> >         </sp:SymmetricBinding>
> >         <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >           <wsp:Policy />
> >         </sp:Wss11>
> >         <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >           <wsp:Policy>
> >             <sp:MustSupportIssuedTokens />
> >             <sp:RequireClientEntropy />
> >             <sp:RequireServerEntropy />
> >           </wsp:Policy>
> >         </sp:Trust10>
> >         <wsaw:UsingAddressing />
> >       </wsp:All>
> >     </wsp:ExactlyOne>
> >   </wsp:Policy>
> >   <wsp:Policy wsu:Id="CertificateEndPoint_AuthenticateService_Input_policy">
> >     <wsp:ExactlyOne>
> >       <wsp:All>
> >         <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >           <sp:Body />
> >           <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
> >         </sp:SignedParts>
> >         <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >           <sp:Body />
> >         </sp:EncryptedParts>
> >       </wsp:All>
> >     </wsp:ExactlyOne>
> >   </wsp:Policy>
> >   <wsp:Policy wsu:Id="CertificateEndPoint_AuthenticateService_output_policy">
> >     <wsp:ExactlyOne>
> >       <wsp:All>
> >         <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >           <sp:Body />
> >           <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
> >         </sp:SignedParts>
> >         <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >           <sp:Body />
> >         </sp:EncryptedParts>
> >       </wsp:All>
> >     </wsp:ExactlyOne>
> >   </wsp:Policy>
> >   <wsp:Policy wsu:Id="CertificateEndPoint_ValidadeTokenService_Input_policy">
> >     <wsp:ExactlyOne>
> >       <wsp:All>
> >         <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >           <sp:Body />
> >           <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
> >         </sp:SignedParts>
> >         <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >           <sp:Body />
> >         </sp:EncryptedParts>
> >       </wsp:All>
> >     </wsp:ExactlyOne>
> >   </wsp:Policy>
> >   <wsp:Policy wsu:Id="CertificateEndPoint_ValidadeTokenService_output_policy">
> >     <wsp:ExactlyOne>
> >       <wsp:All>
> >         <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >           <sp:Body />
> >           <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
> >         </sp:SignedParts>
> >         <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >           <sp:Body />
> >         </sp:EncryptedParts>
> >       </wsp:All>
> >     </wsp:ExactlyOne>
> >   </wsp:Policy>
> >   <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_Input_policy">
> >     <wsp:ExactlyOne>
> >       <wsp:All>
> >         <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >           <sp:Body />
> >           <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
> >         </sp:SignedParts>
> >         <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >           <sp:Body />
> >         </sp:EncryptedParts>
> >       </wsp:All>
> >     </wsp:ExactlyOne>
> >   </wsp:Policy>
> >   <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_output_policy">
> >     <wsp:ExactlyOne>
> >       <wsp:All>
> >         <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >           <sp:Body />
> >           <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
> >           <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
> >         </sp:SignedParts>
> >         <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> >           <sp:Body />
> >         </sp:EncryptedParts>
> >       </wsp:All>
> >     </wsp:ExactlyOne>
> >   </wsp:Policy>
> >   <wsdl:types>
> >     <xsd:schema targetNamespace="http://tempuri.org/Imports">
> >       <xsd:import schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd0" namespace="http://tempuri.org/" />
> >       <xsd:import schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd1" namespace="http://schemas.microsoft.com/2003/10/Serialization/" />
> >       <xsd:import schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd2" namespace="http://schemas.datacontract.org/2004/07/Pactual.SecureGateway.Services.Contracts" />
> >     </xsd:schema>
> >   </wsdl:types>
> >   <wsdl:message name="ISecGtwServiceContract_AuthenticateService_InputMessage">
> >     <wsdl:part name="parameters" element="tns:AuthenticateService" />
> >   </wsdl:message>
> >   <wsdl:message name="ISecGtwServiceContract_AuthenticateService_OutputMessage">
> >     <wsdl:part name="parameters" element="tns:AuthenticateServiceResponse" />
> >   </wsdl:message>
> >   <wsdl:message name="ISecGtwServiceContract_ValidadeTokenService_InputMessage">
> >     <wsdl:part name="parameters" element="tns:ValidadeTokenService" />
> >   </wsdl:message>
> >   <wsdl:message name="ISecGtwServiceContract_ValidadeTokenService_OutputMessage">
> >     <wsdl:part name="parameters" element="tns:ValidadeTokenServiceResponse" />
> >   </wsdl:message>
> >   <wsdl:message name="ISecGtwServiceContract_WhoIAm_InputMessage">
> >     <wsdl:part name="parameters" element="tns:WhoIAm" />
> >   </wsdl:message>
> >   <wsdl:message name="ISecGtwServiceContract_WhoIAm_OutputMessage">
> >     <wsdl:part name="parameters" element="tns:WhoIAmResponse" />
> >   </wsdl:message>
> >   <wsdl:portType name="ISecGtwServiceContract">
> >     <wsdl:operation name="AuthenticateService">
> >       <wsdl:input wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateService" message="tns:ISecGtwServiceContract_AuthenticateService_InputMessage" />
> >       <wsdl:output wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateServiceResponse" message="tns:ISecGtwServiceContract_AuthenticateService_OutputMessage" />
> >     </wsdl:operation>
> >     <wsdl:operation name="ValidadeTokenService">
> >       <wsdl:input wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService" message="tns:ISecGtwServiceContract_ValidadeTokenService_InputMessage" />
> >       <wsdl:output wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenServiceResponse" message="tns:ISecGtwServiceContract_ValidadeTokenService_OutputMessage" />
> >     </wsdl:operation>
> >     <wsdl:operation name="WhoIAm">
> >       <wsdl:input wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAm" message="tns:ISecGtwServiceContract_WhoIAm_InputMessage" />
> >       <wsdl:output wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAmResponse" message="tns:ISecGtwServiceContract_WhoIAm_OutputMessage" />
> >     </wsdl:operation>
> >   </wsdl:portType>
> >   <wsdl:binding name="CertificateEndPoint" type="tns:ISecGtwServiceContract">
> >     <wsp:PolicyReference URI="#CertificateEndPoint_policy" />
> >     <soap12:binding transport="http://schemas.xmlsoap.org/soap/http" />
> >     <wsdl:operation name="AuthenticateService">
> >       <soap12:operation soapAction="http://tempuri.org/ISecGtwServiceContract/AuthenticateService" style="document" />
> >       <wsdl:input>
> >         <wsp:PolicyReference URI="#CertificateEndPoint_AuthenticateService_Input_policy" />
> >         <soap12:body use="literal" />
> >       </wsdl:input>
> >       <wsdl:output>
> >         <wsp:PolicyReference URI="#CertificateEndPoint_AuthenticateService_output_policy" />
> >         <soap12:body use="literal" />
> >       </wsdl:output>
> >     </wsdl:operation>
> >     <wsdl:operation name="ValidadeTokenService">
> >       <soap12:operation soapAction="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService" style="document" />
> >       <wsdl:input>
> >         <wsp:PolicyReference URI="#CertificateEndPoint_ValidadeTokenService_Input_policy" />
> >         <soap12:body use="literal" />
> >       </wsdl:input>
> >       <wsdl:output>
> >         <wsp:PolicyReference URI="#CertificateEndPoint_ValidadeTokenService_output_policy" />
> >         <soap12:body use="literal" />
> >       </wsdl:output>
> >     </wsdl:operation>
> >     <wsdl:operation name="WhoIAm">
> >       <soap12:operation soapAction="http://tempuri.org/ISecGtwServiceContract/WhoIAm" style="document" />
> >       <wsdl:input>
> >         <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_Input_policy" />
> >         <soap12:body use="literal" />
> >       </wsdl:input>
> >       <wsdl:output>
> >         <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_output_policy" />
> >         <soap12:body use="literal" />
> >       </wsdl:output>
> >     </wsdl:operation>
> >   </wsdl:binding>
> >   <wsdl:service name="SecGtwService">
> >     <wsdl:port name="CertificateEndPoint" binding="tns:CertificateEndPoint">
> >       <soap12:address location="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc" />
> >       <wsa10:EndpointReference>
> >         <wsa10:Address>http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc</wsa10:Address>
> >         <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
> >           <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> >             <X509Data>
> > <X509Certificate>MIIBxTCCAXOgAwIBAgIQoF4m3EAEm4RCITdLvQ/MxTAJBgUrDgMCH
> > QUAMBY
> > xFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTEyMDcxODAwMjQzN1oXDTM5MTIzMTIzNTk1O
> > VowKDE
> > mMCQGA1UEAxMdUGFjdHVhbC5TZWN1cmVHYXRld2F5LlNlcnZpY2UwgZ8wDQYJKoZIhvcNA
> > QEBBQA
> > DgY0AMIGJAoGBAN7Bng23dMbhRgzQ3KuD1uox0MriWjJON3DL1tQsHqGqjE9ZiTeVnijDE
> > Wxre93
> > 8+/sELJ+Ru3mdoQae+ICfn3guBEwg80MBqeQlpNmWMssaKVWJAK5ur2YCo3UNoju2d+ZEg
> > 8+D0
> > 8+73tQ
> > 4MLp68a3TfUEKrzrBbXZQbFak8opoyCPhAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0GH
> > R1PAI1
> > hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DAJB
> > gUrDgM
> > CHQUAA0EAVL4d3PW6GhtrfEyYBghg5SIzwrsaKUvOsudIEPuOH8xWPbkgyFszcxKJpOj2d
> > xawvNv
> > srBo8D62D9xUTMexQHw==</X509Certificate>
> >             </X509Data>
> >           </KeyInfo>
> >         </Identity>
> >       </wsa10:EndpointReference>
> >     </wsdl:port>
> >   </wsdl:service>
> > </wsdl:definitions>
> >
> > -----Original message-----
> > From: Colm O hEigeartaigh [mailto:[email protected]]
> > Sent: Tuesday, August 28, 2012 14:45
> > To: [email protected]
> > Subject: Re: Using cxf with X509v3 certificates
> >
> > Yes, CXF supports this configuration. Your WSDL did not make it through though so I can't tell what the problem is. Try just copying and pasting the security binding directly into an email?
> >
> > Colm.
> >
> > On Tue, Aug 28, 2012 at 6:20 PM, Nícolas Fontenele <[email protected]> wrote:
> >
> >> Hi all,
> >>
> >> I'm developing a client service to consume a .net service with x509v3 certificate using ws-security.
> >> The Service uses symmetric binding, with includeToken="prefix/AlwaysToRecipient" and a <sp:ProtectionToken>.
> >> I have two certificates, a *.pfx file and *.cer which I have to use to access.
> >> My wsdl is attached.
> >> My question is: Does cxf support this configuration?
> >>
> >> Best Regards,
> >>
> >> *Nícolas Fontenele*
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com

--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
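
The rule stated in the thread (WSS4J In/Out interceptors only when the WSDL carries no WS-SecurityPolicy) can be checked against a WSDL before any client code is written. The following is an added example, not code from the thread or from CXF: a JDK-only scanner that lists the security bindings, token assertions and assertions from other namespaces found inside `wsp:Policy` elements. The class name, the `Report` type and the abridged sample WSDL are constructed for illustration, and the 200702 WS-SecurityPolicy namespace is included in addition to the 2005/07 one used on this page.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/** Added example (not CXF code): report what security policy a WSDL declares. */
public class WsdlPolicyCheck {
    static final String WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy";
    // WS-SecurityPolicy namespaces: the 2005/07 one from the thread plus the OASIS 200702 one.
    static final List<String> SP = Arrays.asList(
        "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy",
        "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702");

    static final class Report {
        final Set<String> bindings = new LinkedHashSet<>(); // sp:*Binding assertions
        final Set<String> tokens = new LinkedHashSet<>();   // sp:*Token assertions
        final Set<String> foreign = new LinkedHashSet<>();  // assertions from other namespaces
        boolean policyDriven() { return !bindings.isEmpty(); }
    }

    static Report inspect(byte[] wsdl) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // A partner's WSDL is untrusted input: refuse DOCTYPE declarations (XXE).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(wsdl)).getDocumentElement();
        Report report = new Report();
        walk(root, false, report);
        return report;
    }

    private static void walk(Element e, boolean insidePolicy, Report r) {
        String ns = e.getNamespaceURI();
        String name = e.getLocalName();
        if (insidePolicy && SP.contains(ns)) {
            if (name.endsWith("Binding")) r.bindings.add(name);
            if (name.endsWith("Token")) r.tokens.add(name);
        } else if (insidePolicy && !WSP.equals(ns)) {
            r.foreign.add("{" + ns + "}" + name);
        }
        boolean childInside = insidePolicy || (WSP.equals(ns) && "Policy".equals(name));
        for (Node c = e.getFirstChild(); c != null; c = c.getNextSibling()) {
            if (c instanceof Element) walk((Element) c, childInside, r);
        }
    }

    // Constructed sample: an abridged version of the policy nesting quoted in the thread.
    static final String SAMPLE =
        "<wsdl:definitions xmlns:wsdl='http://schemas.xmlsoap.org/wsdl/'"
      + " xmlns:wsp='" + WSP + "' xmlns:sp='" + SP.get(0) + "'"
      + " xmlns:mssp='http://schemas.microsoft.com/ws/2005/07/securitypolicy'>"
      + "<wsp:Policy><wsp:ExactlyOne><wsp:All>"
      + "<sp:SymmetricBinding><wsp:Policy><sp:ProtectionToken><wsp:Policy>"
      + "<sp:SecureConversationToken><wsp:Policy><sp:BootstrapPolicy><wsp:Policy>"
      + "<sp:SymmetricBinding><wsp:Policy><sp:ProtectionToken><wsp:Policy>"
      + "<mssp:SslContextToken><wsp:Policy><mssp:RequireClientCertificate/>"
      + "</wsp:Policy></mssp:SslContextToken>"
      + "</wsp:Policy></sp:ProtectionToken></wsp:Policy></sp:SymmetricBinding>"
      + "</wsp:Policy></sp:BootstrapPolicy></wsp:Policy></sp:SecureConversationToken>"
      + "</wsp:Policy></sp:ProtectionToken></wsp:Policy></sp:SymmetricBinding>"
      + "</wsp:All></wsp:ExactlyOne></wsp:Policy></wsdl:definitions>";

    public static void main(String[] args) throws Exception {
        Report r = inspect(SAMPLE.getBytes(StandardCharsets.UTF_8));
        System.out.println("security bindings : " + r.bindings);
        System.out.println("token assertions  : " + r.tokens);
        System.out.println("other namespaces  : " + r.foreign);
        System.out.println(r.policyDriven()
            ? "WS-SecurityPolicy present: configure via policy, no WSS4J In/Out interceptors"
            : "No WS-SecurityPolicy: WSS4J In/Out interceptors are the configuration route");
    }
}
```

Assertions reported under "other namespaces" are the ones to confirm with the client stack's policy engine before spending time on keystore configuration.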
