The main issue is this in the policy:

>> <mssp:SslContextToken 
>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
>> xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy">

This is a MS proprietary token as far as I can tell and no one other than MS 
implements it.

See:
http://webservices20.blogspot.com/2008/10/interoperability-gotcha-sslcontexttoken.html

Dan



On Sep 10, 2012, at 12:50 PM, Nícolas Fontenele <[email protected]> wrote:

> Hello Colm,
> 
> As I said, I tried this mix only to get some feedback from the service. I'm
> not using it right now.
> When I create a WS-Policy based client and server it works well, like the
> examples you gave me.
> The problem is when I tried to access a .NET service, as described in the
> WSDL shown here.
> I got this strange behavior of the signature token, as said before. That's why I want
> to know if
> CXF is able to access this kind of service.
> 
> If it isn't, does anybody know any API/framework able to do it? It may be free
> or paid.
> 
> 
> Thanks Colm!
> 
> Regards,
> 
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:[email protected]] 
> Sent: Tuesday, September 4, 2012 06:45
> To: [email protected]
> Subject: Re: Using cxf with X509v3 certificates
> 
> Hi Nicolas,
> 
> The approach you are following is not valid. You must not add the
> WSS4J(Out|In)Interceptors for the security policy case. If you configure
> WS-SecurityPolicy as per the system tests I show you, does it work?
> 
> Colm.
> 
> On Mon, Sep 3, 2012 at 6:13 PM, Nícolas Fontenele <[email protected]> wrote:
> 
>> Thanks Colm.
>> 
>> I tried to mix to see whether I can get some feedback from the service.
>> It's a .NET service and I have only a pfx file and a .cer certificate.
>> 
>> Most examples I saw have a CXF service and client; what I wanted to 
>> know initially is whether it is possible to communicate with this service with 
>> all the assertions shown in the WSDL.
>> 
>> When I tried to access it I got "no signature token" and, debugging CXF, 
>> I need to set the property "ws-security.token".
>> 
>> This property expects a "SecurityToken" object which I don't know 
>> how to create or get.
>> 
>> If you recognize this behavior please tell me; it will be a good help.
>> 
>> 
>> 
>> Regards,
>> 
>> 
>> 
>> Nícolas Fontenele
>> 
>> 
>> 
>> From: Colm O hEigeartaigh [mailto:[email protected]]
>> Sent: Monday, September 3, 2012 09:57
>> To: Nicolas Frota
>> Cc: [email protected]
>> Subject: Re: Using cxf with X509v3 certificates
>> 
>> 
>> 
>> 
>> As Glen said, you are mixing two different types of configuration. For 
>> the WS-SecurityPolicy case you do not need to add any interceptors, as 
>> the policy-based interceptors are added automatically when the WSDL 
>> contains WS-SecurityPolicy expressions. See the WS-Security example 
>> system tests for some configuration examples:
>> 
>> https://svn.apache.org/repos/asf/cxf/trunk/systests/ws-security-examples/
>> 
>> Colm.
>> 
>> On Wed, Aug 29, 2012 at 9:19 PM, Nícolas Fontenele <[email protected]>
>> wrote:
>> 
>> Thanks Glen. Do you know some examples of WS-SecPol only?
>> What I did is set some properties in the request context that I saw in 
>> the documentation http://cxf.apache.org/docs/ws-securitypolicy.html .
>> The funny thing is that CXF asks for this property below:
>> 
>> 
>> Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
>> 
>> ctx.put("ws-security.token", new SecurityToken());
>> 
>> which isn't written in the documentation. Do you have any idea which 
>> token I should put there?
>> 
>> Best Regards,
>> 
>> Nícolas Fontenele
>> 
>> 
>> 
>> -----Original Message-----
>> From: Glen Mazza [mailto:[email protected]]
>> Sent: Tuesday, August 28, 2012 16:43
>> To: [email protected]
>> Subject: Re: Using cxf with X509v3 certificates
>> 
>> From your earlier email you're using WS-SecurityPolicy in your WSDL, 
>> so you shouldn't be using the WSS4J Out/In interceptors--that's 
>> strictly for non-WS-SecPol use.
>> 
>> Glen
>> 
>> On 08/28/2012 03:28 PM, Nícolas Fontenele wrote:
>>> I'm also adding my code here.
>>> Thanks!!
>>> 
>>> import java.net.MalformedURLException;
>>> import java.util.HashMap;
>>> import java.util.Map;
>>> 
>>> import javax.xml.ws.BindingProvider;
>>> 
>>> import org.apache.cxf.frontend.ClientProxy;
>>> import org.apache.cxf.ws.security.tokenstore.SecurityToken;
>>> import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
>>> import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
>>> import org.apache.ws.security.handler.WSHandlerConstants;
>>> 
>>> // SecGtwService, ISecGtwServiceContract and ClientPasswordCallback are
>>> // classes from the poster's project that are not shown in this message.
>>> public class Client {
>>> 
>>>     private static final String WSU_NS =
>>>         "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>>> 
>>>     public static void main(String args[]) {
>>> 
>>>      try {
>>>          // 02c6b75f-5fc8-4c05-a79f-78fa1ded10e1
>>>          WSS4JOutInterceptor wssOut = createOutProperties();
>>>          WSS4JInInterceptor wssIn = createInProperties();
>>> 
>>>          SecGtwService service = new SecGtwService(
>>>                  new java.net.URL(
>>>                          "http://nrio083fcom.develop.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?wsdl"));
>>>          ISecGtwServiceContract port = service.getCertificateEndPoint();
>>> 
>>>          org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
>>> 
>>>          // Manually added WSS4J interceptors, on top of the policy in the WSDL
>>>          client.getInInterceptors().add(wssIn);
>>>          client.getOutInterceptors().add(wssOut);
>>> 
>>>          Map<String, Object> ctx = ((BindingProvider) port)
>>>                  .getRequestContext();
>>> 
>>>          // Empty token placed in the request context property CXF asked for
>>>          ctx.put("ws-security.token", new SecurityToken());
>>>          System.out.println(port.whoIAm());
>>> 
>>>      } catch (MalformedURLException e) {
>>>          // TODO Auto-generated catch block
>>>          e.printStackTrace();
>>>      }
>>> 
>>>     }
>>> 
>>>     // Inbound WSS4J actions and key material
>>>     private static WSS4JInInterceptor createInProperties() {
>>>      Map<String, Object> inProps = new HashMap<String, Object>();
>>>      inProps.put(WSHandlerConstants.ACTION,
>>>              "UsernameToken Timestamp Signature Encrypt");
>>>      inProps.put("passwordType", "PasswordText");
>>>      inProps.put("passwordCallbackClass",
>>>              ClientPasswordCallback.class.getName());
>>>      inProps.put("decryptionPropFile", "etc/client_enc.properties");
>>>      inProps.put("encryptionKeyIdentifier", "IssuerSerial");
>>> 
>>>      inProps.put("signaturePropFile", "etc/client_sign.properties");
>>>      inProps.put("signatureKeyIdentifier", "DirectReference");
>>> 
>>>      return new WSS4JInInterceptor(inProps);
>>> 
>>>     }
>>> 
>>>     // Outbound WSS4J actions, user, and the parts to sign and encrypt
>>>     private static WSS4JOutInterceptor createOutProperties() {
>>>      Map<String, Object> outProps = new HashMap<String, Object>();
>>>      outProps.put(WSHandlerConstants.ACTION,
>>>              "UsernameToken Timestamp Signature Encrypt");
>>>      outProps.put("passwordType", "PasswordDigest");
>>> 
>>>      outProps.put(WSHandlerConstants.USER,
>>>              "02c6b75f-5fc8-4c05-a79f-78fa1ded10e1");
>>>      outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
>>>              ClientPasswordCallback.class.getName());
>>> 
>>>      outProps.put("encryptionUser", "pub");
>>>      outProps.put(WSHandlerConstants.ENC_PROP_FILE,
>>>              "etc/client_enc.properties");
>>> 
>>>      outProps.put("encryptionKeyIdentifier", "IssuerSerial");
>>>      outProps.put("encryptionParts", "{Element}{" + WSU_NS + "}Timestamp;"
>>>              + "{Content}" + "{http://www.w3.org/2003/05/soap-envelope}Body");
>>> 
>>>      outProps.put(WSHandlerConstants.SIG_PROP_FILE,
>>>              "etc/client_sign.properties");
>>> 
>>>      outProps.put("signatureKeyIdentifier", "DirectReference");
>>>      outProps.put("signatureParts", "{Element}{" + WSU_NS + "}Timestamp;"
>>>              + "{Element}" + "{http://www.w3.org/2003/05/soap-envelope}Body");
>>> 
>>>      return new WSS4JOutInterceptor(outProps);
>>> 
>>>     }
>>> }
>>> 
>>> -----Original Message-----
>>> From: Nícolas Fontenele [mailto:[email protected]]
>>> Sent: Tuesday, August 28, 2012 15:11
>>> To: [email protected]; [email protected]
>>> Subject: RE: Using cxf with X509v3 certificates
>>> 
>>> Thanks for the answer, I'll paste the WSDL here.
>>> What I have been trying is to use WSS4J interceptors as I can see in 
>>> some examples.
>>> I imported both certificates into my keystore and I can see while debugging 
>>> that the password handler gets the keys from it.
>>> My problem right now is that CXF is expecting an initial token (of 
>>> class SecurityToken) in the request context property 
>>> "ws-security.token". I saw it while debugging.
>>> Is it correct to use this property?
>>> I saw that the WS-Security samples only set properties on the 
>>> interceptors and not in the request context of the client.
>>> And if this behavior is correct, how can I create this token? 
>>> Should I use another property?
>>> 
>>> The WSDL is below, any idea?
>>> Thanks!
>>> 
>>> <?xml version="1.0" encoding="utf-8"?>
>>> <wsdl:definitions
>>> xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
>>> xmlns:wsa10="http://www.w3.org/2005/08/addressing"
>>> xmlns:tns="http://tempuri.org/"
>>> xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract"
>>> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
>>> xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>> xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
>>> xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
>>> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
>>> xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
>>> xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>>> name="SecGtwService" targetNamespace="http://tempuri.org/"
>>> xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
>>>   <wsp:Policy wsu:Id="CertificateEndPoint_policy">
>>>     <wsp:ExactlyOne>
>>>       <wsp:All>
>>>         <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>           <wsp:Policy>
>>>             <sp:ProtectionToken>
>>>               <wsp:Policy>
>>>                 <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>>                   <wsp:Policy>
>>>                     <sp:RequireDerivedKeys />
>>>                     <sp:BootstrapPolicy>
>>>                       <wsp:Policy>
>>>                         <sp:SignedParts>
>>>                           <sp:Body />
>>>                           <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
>>>                           <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
>>>                           <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
>>>                           <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
>>>                           <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
>>>                           <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
>>>                           <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
>>>                         </sp:SignedParts>
>>>                         <sp:EncryptedParts>
>>>                           <sp:Body />
>>>                         </sp:EncryptedParts>
>>>                         <sp:SymmetricBinding>
>>>                           <wsp:Policy>
>>>                             <sp:ProtectionToken>
>>>                               <wsp:Policy>
>>>                                 <mssp:SslContextToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy">
>>>                                   <wsp:Policy>
>>>                                     <sp:RequireDerivedKeys />
>>>                                     <mssp:RequireClientCertificate />
>>>                                   </wsp:Policy>
>>>                                 </mssp:SslContextToken>
>>>                               </wsp:Policy>
>>>                             </sp:ProtectionToken>
>>>                             <sp:AlgorithmSuite>
>>>                               <wsp:Policy>
>>>                                 <sp:Basic256 />
>>>                               </wsp:Policy>
>>>                             </sp:AlgorithmSuite>
>>>                             <sp:Layout>
>>>                               <wsp:Policy>
>>>                                 <sp:Strict />
>>>                               </wsp:Policy>
>>>                             </sp:Layout>
>>>                             <sp:IncludeTimestamp />
>>>                             <sp:EncryptSignature />
>>>                             <sp:OnlySignEntireHeadersAndBody />
>>>                           </wsp:Policy>
>>>                         </sp:SymmetricBinding>
>>>                         <sp:Wss11>
>>>                           <wsp:Policy />
>>>                         </sp:Wss11>
>>>                         <sp:Trust10>
>>>                           <wsp:Policy>
>>>                             <sp:MustSupportIssuedTokens />
>>>                             <sp:RequireClientEntropy />
>>>                             <sp:RequireServerEntropy />
>>>                           </wsp:Policy>
>>>                         </sp:Trust10>
>>>                       </wsp:Policy>
>>>                     </sp:BootstrapPolicy>
>>>                   </wsp:Policy>
>>>                 </sp:SecureConversationToken>
>>>               </wsp:Policy>
>>>             </sp:ProtectionToken>
>>>             <sp:AlgorithmSuite>
>>>               <wsp:Policy>
>>>                 <sp:Basic256 />
>>>               </wsp:Policy>
>>>             </sp:AlgorithmSuite>
>>>             <sp:Layout>
>>>               <wsp:Policy>
>>>                 <sp:Strict />
>>>               </wsp:Policy>
>>>             </sp:Layout>
>>>             <sp:IncludeTimestamp />
>>>             <sp:EncryptSignature />
>>>             <sp:OnlySignEntireHeadersAndBody />
>>>           </wsp:Policy>
>>>         </sp:SymmetricBinding>
>>>         <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>           <wsp:Policy />
>>>         </sp:Wss11>
>>>         <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>           <wsp:Policy>
>>>             <sp:MustSupportIssuedTokens />
>>>             <sp:RequireClientEntropy />
>>>             <sp:RequireServerEntropy />
>>>           </wsp:Policy>
>>>         </sp:Trust10>
>>>         <wsaw:UsingAddressing />
>>>       </wsp:All>
>>>     </wsp:ExactlyOne>
>>>   </wsp:Policy>
>>>   <wsp:Policy wsu:Id="CertificateEndPoint_AuthenticateService_Input_policy">
>>>     <wsp:ExactlyOne>
>>>       <wsp:All>
>>>         <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>           <sp:Body />
>>>           <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
>>>         </sp:SignedParts>
>>>         <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>           <sp:Body />
>>>         </sp:EncryptedParts>
>>>       </wsp:All>
>>>     </wsp:ExactlyOne>
>>>   </wsp:Policy>
>>>   <wsp:Policy wsu:Id="CertificateEndPoint_AuthenticateService_output_policy">
>>>     <wsp:ExactlyOne>
>>>       <wsp:All>
>>>         <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>           <sp:Body />
>>>           <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
>>>         </sp:SignedParts>
>>>         <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>           <sp:Body />
>>>         </sp:EncryptedParts>
>>>       </wsp:All>
>>>     </wsp:ExactlyOne>
>>>   </wsp:Policy>
>>>   <wsp:Policy wsu:Id="CertificateEndPoint_ValidadeTokenService_Input_policy">
>>>     <wsp:ExactlyOne>
>>>       <wsp:All>
>>>         <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>           <sp:Body />
>>>           <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
>>>         </sp:SignedParts>
>>>         <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>           <sp:Body />
>>>         </sp:EncryptedParts>
>>>       </wsp:All>
>>>     </wsp:ExactlyOne>
>>>   </wsp:Policy>
>>>   <wsp:Policy wsu:Id="CertificateEndPoint_ValidadeTokenService_output_policy">
>>>     <wsp:ExactlyOne>
>>>       <wsp:All>
>>>         <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>           <sp:Body />
>>>           <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
>>>         </sp:SignedParts>
>>>         <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>           <sp:Body />
>>>         </sp:EncryptedParts>
>>>       </wsp:All>
>>>     </wsp:ExactlyOne>
>>>   </wsp:Policy>
>>>   <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_Input_policy">
>>>     <wsp:ExactlyOne>
>>>       <wsp:All>
>>>         <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>           <sp:Body />
>>>           <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
>>>         </sp:SignedParts>
>>>         <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>           <sp:Body />
>>>         </sp:EncryptedParts>
>>>       </wsp:All>
>>>     </wsp:ExactlyOne>
>>>   </wsp:Policy>
>>>   <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_output_policy">
>>>     <wsp:ExactlyOne>
>>>       <wsp:All>
>>>         <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>           <sp:Body />
>>>           <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
>>>           <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
>>>         </sp:SignedParts>
>>>         <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>>           <sp:Body />
>>>         </sp:EncryptedParts>
>>>       </wsp:All>
>>>     </wsp:ExactlyOne>
>>>   </wsp:Policy>
>>>   <wsdl:types>
>>>     <xsd:schema targetNamespace="http://tempuri.org/Imports">
>>>       <xsd:import schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd0" namespace="http://tempuri.org/" />
>>>       <xsd:import schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd1" namespace="http://schemas.microsoft.com/2003/10/Serialization/" />
>>>       <xsd:import schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd2" namespace="http://schemas.datacontract.org/2004/07/Pactual.SecureGateway.Services.Contracts" />
>>>     </xsd:schema>
>>>   </wsdl:types>
>>>   <wsdl:message name="ISecGtwServiceContract_AuthenticateService_InputMessage">
>>>     <wsdl:part name="parameters" element="tns:AuthenticateService" />
>>>   </wsdl:message>
>>>   <wsdl:message name="ISecGtwServiceContract_AuthenticateService_OutputMessage">
>>>     <wsdl:part name="parameters" element="tns:AuthenticateServiceResponse" />
>>>   </wsdl:message>
>>>   <wsdl:message name="ISecGtwServiceContract_ValidadeTokenService_InputMessage">
>>>     <wsdl:part name="parameters" element="tns:ValidadeTokenService" />
>>>   </wsdl:message>
>>>   <wsdl:message name="ISecGtwServiceContract_ValidadeTokenService_OutputMessage">
>>>     <wsdl:part name="parameters" element="tns:ValidadeTokenServiceResponse" />
>>>   </wsdl:message>
>>>   <wsdl:message name="ISecGtwServiceContract_WhoIAm_InputMessage">
>>>     <wsdl:part name="parameters" element="tns:WhoIAm" />
>>>   </wsdl:message>
>>>   <wsdl:message name="ISecGtwServiceContract_WhoIAm_OutputMessage">
>>>     <wsdl:part name="parameters" element="tns:WhoIAmResponse" />
>>>   </wsdl:message>
>>>   <wsdl:portType name="ISecGtwServiceContract">
>>>     <wsdl:operation name="AuthenticateService">
>>>       <wsdl:input wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateService" message="tns:ISecGtwServiceContract_AuthenticateService_InputMessage" />
>>>       <wsdl:output wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateServiceResponse" message="tns:ISecGtwServiceContract_AuthenticateService_OutputMessage" />
>>>     </wsdl:operation>
>>>     <wsdl:operation name="ValidadeTokenService">
>>>       <wsdl:input wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService" message="tns:ISecGtwServiceContract_ValidadeTokenService_InputMessage" />
>>>       <wsdl:output wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenServiceResponse" message="tns:ISecGtwServiceContract_ValidadeTokenService_OutputMessage" />
>>>     </wsdl:operation>
>>>     <wsdl:operation name="WhoIAm">
>>>       <wsdl:input wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAm" message="tns:ISecGtwServiceContract_WhoIAm_InputMessage" />
>>>       <wsdl:output wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAmResponse" message="tns:ISecGtwServiceContract_WhoIAm_OutputMessage" />
>>>     </wsdl:operation>
>>>   </wsdl:portType>
>>>   <wsdl:binding name="CertificateEndPoint" type="tns:ISecGtwServiceContract">
>>>     <wsp:PolicyReference URI="#CertificateEndPoint_policy" />
>>>     <soap12:binding transport="http://schemas.xmlsoap.org/soap/http" />
>>>     <wsdl:operation name="AuthenticateService">
>>>       <soap12:operation soapAction="http://tempuri.org/ISecGtwServiceContract/AuthenticateService" style="document" />
>>>       <wsdl:input>
>>>         <wsp:PolicyReference URI="#CertificateEndPoint_AuthenticateService_Input_policy" />
>>>         <soap12:body use="literal" />
>>>       </wsdl:input>
>>>       <wsdl:output>
>>>         <wsp:PolicyReference URI="#CertificateEndPoint_AuthenticateService_output_policy" />
>>>         <soap12:body use="literal" />
>>>       </wsdl:output>
>>>     </wsdl:operation>
>>>     <wsdl:operation name="ValidadeTokenService">
>>>       <soap12:operation soapAction="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService" style="document" />
>>>       <wsdl:input>
>>>         <wsp:PolicyReference URI="#CertificateEndPoint_ValidadeTokenService_Input_policy" />
>>>         <soap12:body use="literal" />
>>>       </wsdl:input>
>>>       <wsdl:output>
>>>         <wsp:PolicyReference URI="#CertificateEndPoint_ValidadeTokenService_output_policy" />
>>>         <soap12:body use="literal" />
>>>       </wsdl:output>
>>>     </wsdl:operation>
>>>     <wsdl:operation name="WhoIAm">
>>>       <soap12:operation soapAction="http://tempuri.org/ISecGtwServiceContract/WhoIAm" style="document" />
>>>       <wsdl:input>
>>>         <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_Input_policy" />
>>>         <soap12:body use="literal" />
>>>       </wsdl:input>
>>>       <wsdl:output>
>>>         <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_output_policy" />
>>>         <soap12:body use="literal" />
>>>       </wsdl:output>
>>>     </wsdl:operation>
>>>   </wsdl:binding>
>>>   <wsdl:service name="SecGtwService">
>>>     <wsdl:port name="CertificateEndPoint" binding="tns:CertificateEndPoint">
>>>       <soap12:address location="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc" />
>>>       <wsa10:EndpointReference>
>>>         <wsa10:Address>http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc</wsa10:Address>
>>>         <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
>>>           <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>>>             <X509Data>
>>> 
>>> <X509Certificate>MIIBxTCCAXOgAwIBAgIQoF4m3EAEm4RCITdLvQ/MxTAJBgUrDgM
>>> CH
>>> QUAMBY
>>> xFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTEyMDcxODAwMjQzN1oXDTM5MTIzMTIzNTk
>>> 1O
>>> VowKDE
>>> mMCQGA1UEAxMdUGFjdHVhbC5TZWN1cmVHYXRld2F5LlNlcnZpY2UwgZ8wDQYJKoZIhvc
>>> NA
>>> QEBBQA
>>> DgY0AMIGJAoGBAN7Bng23dMbhRgzQ3KuD1uox0MriWjJON3DL1tQsHqGqjE9ZiTeVnij
>>> DE
>>> Wxre93
>>> 8+/sELJ+Ru3mdoQae+ICfn3guBEwg80MBqeQlpNmWMssaKVWJAK5ur2YCo3UNoju2d+Z
>>> 8+Eg
>> 
>>> 8+D0
>>> 8+73tQ
>>> 4MLp68a3TfUEKrzrBbXZQbFak8opoyCPhAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0
>>> GH
>>> R1PAI1
>>> hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DA
>>> JB
>>> gUrDgM
>>> CHQUAA0EAVL4d3PW6GhtrfEyYBghg5SIzwrsaKUvOsudIEPuOH8xWPbkgyFszcxKJpOj
>>> 2d xawvNv srBo8D62D9xUTMexQHw==</X509Certificate>
>> 
>>>             </X509Data>
>>>           </KeyInfo>
>>>         </Identity>
>>>       </wsa10:EndpointReference>
>>>     </wsdl:port>
>>>   </wsdl:service>
>>> </wsdl:definitions>
>>> 
>>> 
>>> -----Original Message-----
>>> From: Colm O hEigeartaigh [mailto:[email protected]]
>>> Sent: Tuesday, August 28, 2012 14:45
>>> To: [email protected]
>>> Subject: Re: Using cxf with X509v3 certificates
>>> 
>>> Yes, CXF supports this configuration. Your WSDL did not make it 
>>> through though so I can't tell what the problem is. Try just copying 
>>> and pasting the security binding directly into an email?
>>> 
>>> Colm.
>>> 
>>> On Tue, Aug 28, 2012 at 6:20 PM, Nícolas Fontenele <[email protected]>
>> wrote:
>>> 
>>>> Hi all,
>>>> 
>>>> I'm developing a client service to consume a .NET service with an
>>>> X509v3 certificate using WS-Security.
>>>> 
>>>> The service uses symmetric binding, with 
>>>> includeToken="prefix/AlwaysToRecipient" and a
>>>> <sp:ProtectionToken>.
>>>> 
>>>> I have two certificates, a *.pfx file and a *.cer, which I have to use 
>>>> to access it.
>>>> 
>>>> My WSDL is attached.
>>>> 
>>>> My question is: does CXF support this configuration?
>>>> 
>>>> Best Regards,
>>>> 
>>>> *Nícolas Fontenele*
>>>> 
>>> 
>>> 
>>> --
>>> Colm O hEigeartaigh
>>> 
>>> Talend Community Coder
>>> http://coders.talend.com
>>> 
>> 
>> 
>> 
>> 
>> --
>> Colm O hEigeartaigh
>> 
>> Talend Community Coder
>> http://coders.talend.com
>> 
>> 
> 
> 
> --
> Colm O hEigeartaigh
> 
> Talend Community Coder
> http://coders.talend.com
> 

-- 
Daniel Kulp
[email protected] - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com
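
An added example, not part of the original thread and not CXF code: a small Python check that walks every WS-Policy in a WSDL and lists assertions whose namespace is outside an allow-list of standard WS-Policy, WS-SecurityPolicy and WS-Addressing namespaces, which is how the `mssp:SslContextToken` in the reply above can be spotted before any client configuration is attempted. The allow-list, the function names and the trimmed sample WSDL are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSU_NS = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd")
# WS-Policy operator namespaces (Policy, ExactlyOne, All, PolicyReference).
WSP_NS = {
    "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "http://www.w3.org/ns/ws-policy",
}
# Assumption: namespaces this check treats as standard assertions.
STANDARD_NS = WSP_NS | {
    "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy",
    "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",
    "http://www.w3.org/2006/05/addressing/wsdl",
    "http://www.w3.org/2007/05/addressing/metadata",
}

# Constructed sample: a trimmed version of the policy quoted in the thread.
SAMPLE_WSDL = """\
<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
    xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy"
    xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl">
  <wsp:Policy wsu:Id="CertificateEndPoint_policy">
    <wsp:ExactlyOne><wsp:All>
      <sp:SymmetricBinding><wsp:Policy>
        <sp:ProtectionToken><wsp:Policy>
          <sp:SecureConversationToken><wsp:Policy>
            <sp:RequireDerivedKeys/>
            <sp:BootstrapPolicy><wsp:Policy>
              <sp:SymmetricBinding><wsp:Policy>
                <sp:ProtectionToken><wsp:Policy>
                  <mssp:SslContextToken><wsp:Policy>
                    <sp:RequireDerivedKeys/>
                    <mssp:RequireClientCertificate/>
                  </wsp:Policy></mssp:SslContextToken>
                </wsp:Policy></sp:ProtectionToken>
                <sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite>
              </wsp:Policy></sp:SymmetricBinding>
            </wsp:Policy></sp:BootstrapPolicy>
          </wsp:Policy></sp:SecureConversationToken>
        </wsp:Policy></sp:ProtectionToken>
      </wsp:Policy></sp:SymmetricBinding>
      <wsaw:UsingAddressing/>
    </wsp:All></wsp:ExactlyOne>
  </wsp:Policy>
</wsdl:definitions>
"""


def split_qname(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag


def find_nonstandard_assertions(wsdl_text):
    """Return policy assertions whose namespace is not in STANDARD_NS.

    Each finding records the enclosing top-level policy Id, the assertion's
    namespace and local name, and its path of enclosing assertions.
    """
    findings = []

    def walk(elem, policy_id, path):
        ns, local = split_qname(elem.tag)
        if ns in WSP_NS:
            # Operators are containers; the outermost Policy names the scope.
            if local == "Policy" and policy_id is None:
                policy_id = elem.get("{%s}Id" % WSU_NS) or "(anonymous)"
        elif policy_id is not None:
            path = path + [local]
            if ns not in STANDARD_NS:
                findings.append({
                    "policy": policy_id,
                    "namespace": ns,
                    "name": local,
                    "path": "/".join(path),
                })
        for child in elem:
            walk(child, policy_id, path)

    walk(ET.fromstring(wsdl_text), None, [])
    return findings


if __name__ == "__main__":
    for f in find_nonstandard_assertions(SAMPLE_WSDL):
        print("%(policy)s: {%(namespace)s}%(name)s at %(path)s" % f)
```
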
