We have the certificates stored in a DB.
So in the interceptor I load the certificate, put it in a certificate store
and add the certificate store as Crypto object for the signature.
Is this the correct way or can't I use this in an interceptor or does the
interceptor have to have a different phase?

kind regards,

Ted


2013/5/23 Ted Roeloffzen <ted.roeloff...@gmail.com>

> Okay thanks.
>
> Correct me if I'm wrong, but the only thing I have to do is add the
> interceptor that sets the correct certificate?
>
> kind regards,
>
> Ted
>
>
> 2013/5/23 Colm O hEigeartaigh <cohei...@apache.org>
>
>> You are using the older "Action" style configuration with
>> WS-SecurityPolicy, which doesn't work. With WS-SecurityPolicy you don't
>> tell it what security actions to perform, as the policy already contains
>> all of this information. You just need to let it know the correct
>> credentials for signing/encryption etc.
>>
>> See here for some information about configuration:
>>
>> http://cxf.apache.org/docs/ws-securitypolicy.html
>>
>> Colm.
>>
>>
>> On Thu, May 23, 2013 at 10:34 AM, Ted Roeloffzen
>> <ted.roeloff...@gmail.com> wrote:
>>
>> > Hello all,
>> >
>> > I'm having a little difficulty setting up my client-webservice with the
>> > correct settings.
>> > This is the main part of the WSDL that I have to comply to.
>> >
>> > <wsp:Policy wsu:Id="">
>> >         <wsp:ExactlyOne>
>> >             <wsp:All>
>> >                 <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> >                     <wsp:Policy>
>> >                         <sp:InitiatorToken>
>> >                             <wsp:Policy>
>> >                                 <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>> >                                     <wsp:Policy>
>> >                                         <sp:RequireThumbprintReference/>
>> >                                         <sp:WssX509V3Token10/>
>> >                                     </wsp:Policy>
>> >                                 </sp:X509Token>
>> >                             </wsp:Policy>
>> >                         </sp:InitiatorToken>
>> >                         <sp:RecipientToken>
>> >                             <wsp:Policy>
>> >                                 <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToInitiator">
>> >                                     <wsp:Policy>
>> >                                         <sp:RequireThumbprintReference/>
>> >                                         <sp:WssX509V3Token10/>
>> >                                     </wsp:Policy>
>> >                                 </sp:X509Token>
>> >                             </wsp:Policy>
>> >                         </sp:RecipientToken>
>> >                         <sp:AlgorithmSuite>
>> >                             <wsp:Policy>
>> >                                 <sp:Basic256Sha256Rsa15/>
>> >                             </wsp:Policy>
>> >                         </sp:AlgorithmSuite>
>> >                         <sp:Layout>
>> >                             <wsp:Policy>
>> >                                 <sp:Lax/>
>> >                             </wsp:Policy>
>> >                         </sp:Layout>
>> >                         <sp:IncludeTimestamp/>
>> >                         <sp:OnlySignEntireHeadersAndBody/>
>> >                     </wsp:Policy>
>> >                 </sp:AsymmetricBinding>
>> >             </wsp:All>
>> >         </wsp:ExactlyOne>
>> >     </wsp:Policy>
>> >     <wsp:Policy wsu:Id="">
>> >         <wsp:ExactlyOne>
>> >             <wsp:All>
>> >                 <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> >                     <sp:Body/>
>> >                 </sp:SignedParts>
>> >             </wsp:All>
>> >         </wsp:ExactlyOne>
>> >     </wsp:Policy>
>> >
>> > I have deleted the IDs, for the sake of our client.
>> >
>> > The problem is that I'm unable to set up the correct token inclusion and
>> > so on.
>> > I can't seem to figure out which parameters have to be set with CXF.
>> > Since we don't use Spring, I have to configure everything through the
>> > API.
>> >
>> >
>> > This is what I have so far.
>> > Map<String, Object> outProps = new HashMap<String, Object>();
>> >         outProps.put(WSHandlerConstants.ACTION,
>> >             WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE);
>> >         outProps.put(WSHandlerConstants.SIG_ALGO,
>> >             "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
>> >         outProps.put(WSHandlerConstants.SIG_DIGEST_ALGO,
>> >             "http://www.w3.org/2001/04/xmlenc#sha256");
>> >
>> >         WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
>> >         client.getOutInterceptors().add(wssOut);
>> >
>> > And I'm adding a custom Interceptor that does this in the handleMessage
>> > at the Pre_logical phase
>> >
>> > X509Certificate[] certificates = {holder.getCertificate()};
>> >         CertificateStore store = new CertificateStore(certificates);
>> >
>> >         message.put(SecurityConstants.SIGNATURE_CRYPTO, store);
>> >
>> > Can one of you point me in the right direction?
>> >
>> > kind regards,
>> >
>> > Ted
>> >
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>
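
Added example, not part of the original thread and not code from the CXF project: one way to hand signing credentials to a WS-SecurityPolicy-driven CXF client through the API, without an "Action" map or a WSS4JOutInterceptor. It assumes the WSS4J 1.6 package names (org.apache.ws.security), and the class name, the configure helper and its parameters are hypothetical; the private key and certificate chain stand for whatever the DB lookup returns.

```java
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSPasswordCallback;        // WSS4J 1.6 package (assumed version)
import org.apache.ws.security.components.crypto.Merlin;

public final class PolicySigningSetup {
    // Hypothetical helper: alias, key and chain come from the application's own storage.
    public static void configure(Client client, final String alias, PrivateKey key,
                                 X509Certificate[] chain) throws Exception {
        // Signing needs the private key, so build an in-memory keystore holding
        // the key entry. The password is random and never leaves this process.
        final char[] pw = new BigInteger(130, new SecureRandom()).toString(32).toCharArray();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setKeyEntry(alias, key, pw, chain);

        Merlin crypto = new Merlin();
        crypto.setKeyStore(ks);

        // WSS4J asks this handler for the private key password of the signing alias.
        CallbackHandler handler = new CallbackHandler() {
            public void handle(Callback[] callbacks) {
                for (Callback cb : callbacks) {
                    if (cb instanceof WSPasswordCallback
                            && alias.equals(((WSPasswordCallback) cb).getIdentifier())) {
                        ((WSPasswordCallback) cb).setPassword(new String(pw));
                    }
                }
            }
        };

        // Credentials only: the actions, token references and algorithm suite are
        // taken from the policy in the WSDL, not from WSHandlerConstants.
        Map<String, Object> ctx = client.getRequestContext();
        ctx.put(SecurityConstants.SIGNATURE_CRYPTO, crypto);
        ctx.put(SecurityConstants.SIGNATURE_USERNAME, alias);
        ctx.put(SecurityConstants.CALLBACK_HANDLER, handler);
    }
}
```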
