Is it Possible to use the CertificateStore as CryptoProvider and
instantiate that with the X509Certificate that i retreive from the database?
Ted
2013/5/15 Colm O hEigeartaigh <cohei...@apache.org>
> WSS4J uses a "Crypto" provider to retrieve certificates + private keys for
> encrypting/signing etc. So to get a key from a database, you will have to
> implement your own Crypto provider and plug it in to CXF/WSS4J.
>
> Colm.
>
>
> On Wed, May 15, 2013 at 9:17 AM, Ted Roeloffzen <ted.roeloff...@gmail.com
> >wrote:
>
> > We don't have a keystore, but the certificate is persisted in a database.
> > I have to retrieve it from the database and give it to cxf, but is that
> > even possible?
> > I can't seem to find any documentation on that
> >
> > best regards,
> >
> > Ted
> >
> >
> > 2013/5/15 Ted Roeloffzen <ted.roeloff...@gmail.com>
> >
> > > Okay thanks.
> > > This is a first step.
> > > My problem lies in the fact that the action is not Username_token, but
> > > timestap signature
> > >
> > > best regards,
> > >
> > > Ted
> > >
> > >
> > > 2013/5/15 Ted <r6squee...@gmail.com>
> > >
> > >> Not sure if this is the official way or not, but this is how I do it :
> > >>
> > >> AccountWsService service = new AccountWsService("..."));
> > >> port = service.getAccountWsPort();
> > >>
> > >> Client cxfClient = ClientProxy.getClient(port);
> > >> cxfClient.getOutInterceptors().add(new
> > >> AuthenticationOutWSS4JInterceptor(user, password));
> > >>
> > >> where AuthenticationOutWSS4JInterceptor looks a little like :
> > >>
> > >> public class AuthenticationOutWSS4JInterceptor extends
> > >> WSS4JOutInterceptor implements CallbackHandler
> > >> {
> > >> private String password = null;
> > >>
> > >> /**
> > >> * @param user can be userId or userName, all depends
> on
> > >> what the
> > >> received requires
> > >> * @param password can be password or securityToken,
> all
> > >> depends on
> > >> what the received requires
> > >> */
> > >> public AuthenticationOutWSS4JInterceptor(Object user,
> > >> String password)
> > >> {
> > >> this.password = password;
> > >>
> > >> HashMap<String, Object> properties = new
> > >> HashMap<String, Object>();
> > >> properties.put(WSHandlerConstants.ACTION,
> > >> WSHandlerConstants.USERNAME_TOKEN);
> > >> properties.put(WSHandlerConstants.USER,
> > >> user.toString());
> > >>
> properties.put(WSHandlerConstants.PASSWORD_TYPE,
> > >> WSConstants.PW_TEXT);
> > >>
> > >> properties.put(WSHandlerConstants.PW_CALLBACK_REF, this);
> > >>
> > >> setProperties(properties);
> > >> }
> > >>
> > >> @Override
> > >> public void handle(Callback[] callbacks) throws
> > >> IOException,
> > >> UnsupportedCallbackException
> > >> {
> > >> for (Callback callback : callbacks)
> > >> {
> > >> if (callback instanceof
> > >> WSPasswordCallback)
> > >> {
> > >> WSPasswordCallback
> > >> wsPasswordCallback = (WSPasswordCallback)callback;
> > >>
> > >> wsPasswordCallback.setPassword(password);
> > >> }
> > >> }
> > >> }
> > >> }
> > >>
> > >> On 5/14/13, Ted Roeloffzen <ted.roeloff...@gmail.com> wrote:
> > >> > Good day all,
> > >> >
> > >> > At this moment I'm working on a webservice-client that has to use
> > >> > WS-Security, but i can't seem to figure out how configure CXF that
> it
> > >> fills
> > >> > the SOAP-header in the correct way.
> > >> > We don't use Spring for the configuration, so everything has to be
> > >> > configured via the API.
> > >> >
> > >> > We need to have a timestamp, a signature and also a binary security
> > >> token.
> > >> > The Canonicalization-algorithm is xml-exc-c14
> > >> > The signature-algorithm is RSA-SHA256
> > >> >
> > >> > can someone point me in the right direction for this?
> > >> >
> > >> > I've already created a WSS4JInInterceptor and a WSS4JOutInterceptor.
> > >> > Both with a properties-map containing an Action = Timestap
> Signature,
> > >> > signatureAlgorithm = "
> > http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
> > >> "
> > >> > and signatureDigestAlgorithm = "
> > http://www.w3.org/2001/04/xmlenc#sha256
> > >> "
> > >> >
> > >> > do I need to configure anymore other than adding a certificate to
> the
> > >> > keystore?
> > >> >
> > >> > thanks in advance.
> > >> >
> > >> > kind regards,
> > >> >
> > >> > Ted
> > >> >
> > >>
> > >>
> > >> --
> > >> Ted.
> > >>
> > >
> > >
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
