Is it possible to use the CertificateStore as CryptoProvider and instantiate that with the X509Certificate that I retrieve from the database?
Ted

2013/5/15 Colm O hEigeartaigh <cohei...@apache.org>

> WSS4J uses a "Crypto" provider to retrieve certificates + private keys for
> encrypting/signing etc. So to get a key from a database, you will have to
> implement your own Crypto provider and plug it in to CXF/WSS4J.
>
> Colm.
>
>
> On Wed, May 15, 2013 at 9:17 AM, Ted Roeloffzen <ted.roeloff...@gmail.com> wrote:
>
> > We don't have a keystore, but the certificate is persisted in a database.
> > I have to retrieve it from the database and give it to cxf, but is that
> > even possible?
> > I can't seem to find any documentation on that
> >
> > best regards,
> >
> > Ted
> >
> >
> > 2013/5/15 Ted Roeloffzen <ted.roeloff...@gmail.com>
> >
> > > Okay thanks.
> > > This is a first step.
> > > My problem lies in the fact that the action is not Username_token, but
> > > timestamp signature
> > >
> > > best regards,
> > >
> > > Ted
> > >
> > >
> > > 2013/5/15 Ted <r6squee...@gmail.com>
> > >
> > >> Not sure if this is the official way or not, but this is how I do it :
> > >>
> > >> AccountWsService service = new AccountWsService("...");
> > >> port = service.getAccountWsPort();
> > >>
> > >> Client cxfClient = ClientProxy.getClient(port);
> > >> cxfClient.getOutInterceptors().add(new AuthenticationOutWSS4JInterceptor(user, password));
> > >>
> > >> where AuthenticationOutWSS4JInterceptor looks a little like :
> > >>
> > >> public class AuthenticationOutWSS4JInterceptor extends WSS4JOutInterceptor implements CallbackHandler
> > >> {
> > >>     private String password = null;
> > >>
> > >>     /**
> > >>      * @param user can be userId or userName, all depends on what the received requires
> > >>      * @param password can be password or securityToken, all depends on what the received requires
> > >>      */
> > >>     public AuthenticationOutWSS4JInterceptor(Object user, String password)
> > >>     {
> > >>         this.password = password;
> > >>
> > >>         HashMap<String, Object> properties = new HashMap<String, Object>();
> > >>         properties.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
> > >>         properties.put(WSHandlerConstants.USER, user.toString());
> > >>         properties.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
> > >>         properties.put(WSHandlerConstants.PW_CALLBACK_REF, this);
> > >>
> > >>         setProperties(properties);
> > >>     }
> > >>
> > >>     @Override
> > >>     public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
> > >>     {
> > >>         for (Callback callback : callbacks)
> > >>         {
> > >>             if (callback instanceof WSPasswordCallback)
> > >>             {
> > >>                 WSPasswordCallback wsPasswordCallback = (WSPasswordCallback)callback;
> > >>                 wsPasswordCallback.setPassword(password);
> > >>             }
> > >>         }
> > >>     }
> > >> }
> > >>
> > >> On 5/14/13, Ted Roeloffzen <ted.roeloff...@gmail.com> wrote:
> > >> > Good day all,
> > >> >
> > >> > At this moment I'm working on a webservice-client that has to use
> > >> > WS-Security, but I can't seem to figure out how to configure CXF so
> > >> > that it fills the SOAP-header in the correct way.
> > >> > We don't use Spring for the configuration, so everything has to be
> > >> > configured via the API.
> > >> >
> > >> > We need to have a timestamp, a signature and also a binary security token.
> > >> > The Canonicalization-algorithm is xml-exc-c14
> > >> > The signature-algorithm is RSA-SHA256
> > >> >
> > >> > Can someone point me in the right direction for this?
> > >> >
> > >> > I've already created a WSS4JInInterceptor and a WSS4JOutInterceptor.
> > >> > Both with a properties-map containing an Action = Timestap Signature,
> > >> > signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
> > >> > and signatureDigestAlgorithm = "http://www.w3.org/2001/04/xmlenc#sha256"
> > >> >
> > >> > Do I need to configure any more other than adding a certificate to the
> > >> > keystore?
> > >> >
> > >> > thanks in advance.
> > >> >
> > >> > kind regards,
> > >> >
> > >> > Ted
> > >>
> > >>
> > >> --
> > >> Ted.
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
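
An added example, not code from this thread or from the CXF/WSS4J projects: creating a signature needs the private key as well as the certificate, so this sketch loads both from database values into an in-memory `java.security.KeyStore` using only JDK classes and checks that they belong together. The class name `DatabaseKeyStoreBuilder`, the DER and PKCS#8 storage formats, and the private key being stored in the database alongside the certificate are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;

/** Hypothetical helper: builds an in-memory KeyStore from values read from a database. */
public final class DatabaseKeyStoreBuilder {

    private DatabaseKeyStoreBuilder() { }

    /**
     * @param certDer  DER-encoded X.509 certificate (assumed storage format)
     * @param pkcs8Der PKCS#8-encoded RSA private key (assumed storage format)
     * @param alias    alias for the key entry
     * @param password password protecting the key entry inside the KeyStore
     */
    public static KeyStore build(byte[] certDer, byte[] pkcs8Der, String alias, char[] password)
            throws GeneralSecurityException, IOException {
        X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(certDer));
        cert.checkValidity(); // reject expired or not-yet-valid certificates early

        PrivateKey key = KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(pkcs8Der));

        // A signature made with a key that does not belong to the certificate
        // fails verification at the receiver, so check the pair up front.
        if (!(cert.getPublicKey() instanceof RSAPublicKey)
                || !(key instanceof RSAPrivateKey)
                || !((RSAPublicKey) cert.getPublicKey()).getModulus()
                        .equals(((RSAPrivateKey) key).getModulus())) {
            throw new GeneralSecurityException("Private key does not match certificate");
        }

        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null); // initialise an empty store; nothing is read from disk
        keyStore.setKeyEntry(alias, key, password, new Certificate[] { cert });
        return keyStore;
    }
}
```

The resulting KeyStore is meant to back a keystore-based Crypto implementation, with the alias as the signature user and the entry password supplied through the password callback.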