Hi Ted,

This blog post can be helpful if you create and configure your own Crypto
provider:
http://ashakirin.blogspot.de/2013/04/cxf-security-getting-certificates-from.html

Regards,
Andrei.


> -----Original Message-----
> From: Ted Roeloffzen [mailto:ted.roeloff...@gmail.com]
> Sent: Thursday, 23 May 2013 20:37
> To: users; Colm O hEigeartaigh
> Subject: Re: ws security
> 
> At this moment I don't have a crypto.properties.
> Is the existence of that file mandatory and what kind of properties are
> required?
> 
> Ted
> 
> 
> 2013/5/23 Colm O hEigeartaigh <cohei...@apache.org>
> 
> > I'd say the easiest way is to create your own Crypto instance based on
> > CertificateStore, and instantiate that directly in your crypto.properties.
> > That way you don't need to change anything in CXF itself.
> >
> > Colm.
> >
> >
> > On Thu, May 23, 2013 at 2:01 PM, Ted Roeloffzen <ted.roeloff...@gmail.com> wrote:
> >
> > > We have the certificates stored in a DB.
> > > So in the interceptor I load the certificate, put it in a
> > > certificate store and add the certificate store as Crypto object for the
> > > signature.
> > > Is this the correct way or can't I use this in an interceptor or
> > > does the interceptor have to have a different phase?
> > >
> > > kind regards,
> > >
> > > Ted
> > >
> > >
> > > 2013/5/23 Ted Roeloffzen <ted.roeloff...@gmail.com>
> > >
> > >> Okay thanks.
> > >>
> > >> Correct me if I'm wrong, but the only thing I have to do is add the
> > >> interceptor that sets the correct certificate?
> > >>
> > >> kind regards,
> > >>
> > >> Ted
> > >>
> > >>
> > >> 2013/5/23 Colm O hEigeartaigh <cohei...@apache.org>
> > >>
> > >>> You are using the older "Action" style configuration with
> > >>> WS-SecurityPolicy, which doesn't work. With WS-SecurityPolicy you
> > >>> don't tell it what security actions to perform, as the policy
> > >>> already contains all of this information. You just need to let it
> > >>> know the correct credentials for signing/encryption etc.
> > >>>
> > >>> See here for some information about configuration:
> > >>>
> > >>> http://cxf.apache.org/docs/ws-securitypolicy.html
> > >>>
> > >>> Colm.
> > >>>
> > >>>
> > >>> On Thu, May 23, 2013 at 10:34 AM, Ted Roeloffzen <ted.roeloff...@gmail.com> wrote:
> > >>>
> > >>> > Hello all,
> > >>> >
> > >>> > I'm having a little difficulty setting up my client-webservice
> > >>> > with the correct settings.
> > >>> > This is the main part of the WSDL that I have to comply with.
> > >>> >
> > >>> >     <wsp:Policy wsu:Id="">
> > >>> >         <wsp:ExactlyOne>
> > >>> >             <wsp:All>
> > >>> >                 <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > >>> >                     <wsp:Policy>
> > >>> >                         <sp:InitiatorToken>
> > >>> >                             <wsp:Policy>
> > >>> >                                 <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> > >>> >                                     <wsp:Policy>
> > >>> >                                         <sp:RequireThumbprintReference/>
> > >>> >                                         <sp:WssX509V3Token10/>
> > >>> >                                     </wsp:Policy>
> > >>> >                                 </sp:X509Token>
> > >>> >                             </wsp:Policy>
> > >>> >                         </sp:InitiatorToken>
> > >>> >                         <sp:RecipientToken>
> > >>> >                             <wsp:Policy>
> > >>> >                                 <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToInitiator">
> > >>> >                                     <wsp:Policy>
> > >>> >                                         <sp:RequireThumbprintReference/>
> > >>> >                                         <sp:WssX509V3Token10/>
> > >>> >                                     </wsp:Policy>
> > >>> >                                 </sp:X509Token>
> > >>> >                             </wsp:Policy>
> > >>> >                         </sp:RecipientToken>
> > >>> >                         <sp:AlgorithmSuite>
> > >>> >                             <wsp:Policy>
> > >>> >                                 <sp:Basic256Sha256Rsa15/>
> > >>> >                             </wsp:Policy>
> > >>> >                         </sp:AlgorithmSuite>
> > >>> >                         <sp:Layout>
> > >>> >                             <wsp:Policy>
> > >>> >                                 <sp:Lax/>
> > >>> >                             </wsp:Policy>
> > >>> >                         </sp:Layout>
> > >>> >                         <sp:IncludeTimestamp/>
> > >>> >                         <sp:OnlySignEntireHeadersAndBody/>
> > >>> >                     </wsp:Policy>
> > >>> >                 </sp:AsymmetricBinding>
> > >>> >             </wsp:All>
> > >>> >         </wsp:ExactlyOne>
> > >>> >     </wsp:Policy>
> > >>> >     <wsp:Policy wsu:Id="">
> > >>> >         <wsp:ExactlyOne>
> > >>> >             <wsp:All>
> > >>> >                 <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > >>> >                     <sp:Body/>
> > >>> >                 </sp:SignedParts>
> > >>> >             </wsp:All>
> > >>> >         </wsp:ExactlyOne>
> > >>> >     </wsp:Policy>
> > >>> >
> > >>> > I have deleted the IDs, for the sake of our client.
> > >>> >
> > >>> > The problem is that I'm unable to set up the correct token
> > >>> > inclusion and so on.
> > >>> > I can't seem to figure out which parameters have to be set with CXF.
> > >>> > Since we don't use Spring, I have to configure everything
> > >>> > through the API.
> > >>> >
> > >>> >
> > >>> > This is what I have so far.
> > >>> > Map<String, Object> outProps = new HashMap<String, Object>();
> > >>> >         outProps.put(WSHandlerConstants.ACTION,
> > >>> >             WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE);
> > >>> >         outProps.put(WSHandlerConstants.SIG_ALGO,
> > >>> >             "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
> > >>> >         outProps.put(WSHandlerConstants.SIG_DIGEST_ALGO,
> > >>> >             "http://www.w3.org/2001/04/xmlenc#sha256");
> > >>> >
> > >>> >         WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
> > >>> >         client.getOutInterceptors().add(wssOut);
> > >>> >
> > >>> > And I'm adding a custom Interceptor that does this in the
> > >>> > handleMessage at the Pre_logical phase
> > >>> >
> > >>> > X509Certificate[] certificates = {holder.getCertificate()};
> > >>> >         CertificateStore store = new CertificateStore(certificates);
> > >>> >
> > >>> >         message.put(SecurityConstants.SIGNATURE_CRYPTO, store);
> > >>> >
> > >>> > Can one of you point me in the right direction?
> > >>> >
> > >>> > kind regards,
> > >>> >
> > >>> > Ted
> > >>> >
> > >>>
> > >>>
> > >>>
> > >>> --
> > >>> Colm O hEigeartaigh
> > >>>
> > >>> Talend Community Coder
> > >>> http://coders.talend.com
> > >>>
> > >>
> > >>
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
