That depends partly on how you are using the toolkit, and on whether your
client is also willing to do message signing with the private key
associated with the public key with which you would like the server
to encrypt the response.
If you're writing to the low-level APIs (primarily the classes in
org.apache.ws.security.message), then yes, I think you should be able
to do this. Your client will need to use the DirectReference
KeyIdentifier when signing (and presumably encrypting) the request,
so that the certificate gets sent as a BinarySecurityToken in the
security header. After processing the security headers, the signing
certificate should be available on the results vector, in which case
you can turn around and use (the public key in) that certificate to
do the encryption of the response. You may need to fudge things a
bit, though, to get a Keystore set up with all the right pieces
(viz., the certificate you received), but it otherwise should be doable.
The next release of WSS4J should actually make construction of a
Crypto a tiny bit easier in a scenario like this, because you can now
instantiate a Crypto using a previously instantiated Keystore.
-Fred
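The server-side steps Fred outlines (take the signing certificate off the results vector, put it into a KeyStore of your own, and encrypt to its public key) as an added Java example. This is not code from the thread or from WSS4J itself; the `WSSecurityEngineResult.getAction()` / `getCertificate()` accessors and the `WSConstants.SIGN` action constant are assumed to match the WSS4J 1.5-era API the thread refers to, and the KeyStore and wrapping part uses only standard JDK APIs. The PKIX validation step is added here because a certificate that merely arrived in a BinarySecurityToken is not yet something the server should encrypt to; it should chain to a trust anchor the server already holds.

```java
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Set;
import java.util.Vector;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;

public class ResponseEncryptionFromRequestCert {

    // Walk the Vector returned by WSSecurityEngine.processSecurityHeader and
    // return the certificate that verified the request signature. Assumption:
    // WSS4J 1.5-style result objects with getAction() and getCertificate().
    public static X509Certificate signingCertFromResults(Vector results) {
        for (Object o : results) {
            WSSecurityEngineResult r = (WSSecurityEngineResult) o;
            if (r.getAction() == WSConstants.SIGN && r.getCertificate() != null) {
                return r.getCertificate();
            }
        }
        return null; // request was not signed with a certificate we can reuse
    }

    // The "fudging" step from the thread: build an in-memory KeyStore that holds
    // only the certificate the client just sent. Before trusting it as an
    // encryption target, check that it chains to one of the server's own trust
    // anchors (e.g. the CA that issued the client's certificate).
    public static KeyStore keyStoreFromClientCert(X509Certificate clientCert,
                                                  Set<TrustAnchor> anchors,
                                                  String alias) throws Exception {
        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(Collections.singletonList(clientCert));
        PKIXParameters params = new PKIXParameters(anchors);
        // Revocation checking is disabled here only to keep the example offline;
        // a deployment would leave it on (CRL/OCSP).
        params.setRevocationEnabled(false);
        CertPathValidator.getInstance("PKIX").validate(path, params); // throws if untrusted

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty store, never written to disk
        ks.setCertificateEntry(alias, clientCert);
        return ks;
    }

    // What the encryption of the response boils down to: a fresh symmetric key
    // is wrapped with the client's public key taken from the KeyStore built
    // above. WSSecEncrypt does this (plus the XML Encryption structure) for you
    // once it is handed a Crypto backed by that KeyStore.
    public static byte[] wrapSessionKey(KeyStore ks, String alias) throws Exception {
        Certificate cert = ks.getCertificate(alias);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey sessionKey = kg.generateKey();
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, cert.getPublicKey());
        return rsa.wrap(sessionKey);
    }
}
```

The three methods are called in order on the server: `signingCertFromResults` after `processSecurityHeader` has verified the request, `keyStoreFromClientCert` with the server's existing trust anchors, and then either `wrapSessionKey` directly or, as the thread suggests, a Crypto instance built over that KeyStore and passed to `WSSecEncrypt`. Requiring the client to use the DirectReference key identifier is what makes `getCertificate()` non-null, since only then does the full certificate travel in the security header.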
On May 1, 2007, at 7:15 AM, Wacław Borowiec wrote:
Hello
I want to provide a service with two-way encryption. I don't want the
client's public key to be permanently stored on the server's side. Is
it possible to fetch the client's certificate when he sends the request
and use it for encryption of the answer?
I'll be grateful for any help
Waclaw Borowiec