Hi,
I am trying to create a message with "Timestamp UsernameToken Signature"
actions using the old deprecated InflowConfiguration() and
OutflowConfiguration() settings (please no "switch to policy-based config"
suggestions) and I am having a little trouble making it work when the
subject in the wsse:UsernameToken needs to be different than the one
signing the message.
Here is what I do:
OutflowConfiguration ofc = new OutflowConfiguration(2);
ofc.setActionItems("Timestamp UsernameToken");
ofc.setUser("joeshmoe");
ofc.setPasswordType(WSConstants.PW_TEXT);
myCallback.setUTUsername("joeschmoe");
myCallback.setUTPassword("joeschmoe's secret");
ofc.nextAction();
ofc.setUser("signature-joeshmoe");
ofc.setSignaturePropRefId("cyrpto_props");
ofc.setSignatureKeyIdentifier("DirectReference");
ofc.setOptimizeParts(...blah-blah...);
myCallback.setKeystorePassword("secret");
myCallback.setSignatureKeyAlias("joeshmoes-key-alias");
ofc.previousAction(); // to reset to the action list [0]
Properties cryptoProvider = new Properties();
cryptoProvider.setProperty("org.apache.ws.security.crypto.provider",
    "org.apache.ws.security.components.crypto.Merlin");
cryptoProvider.setProperty("org.apache.ws.security.crypto.merlin.file",
    "c:/keystore.jks");
cryptoProvider.setProperty("org.apache.ws.security.crypto.merlin.keystore.type",
    "JKS");
cryptoProvider.setProperty("org.apache.ws.security.crypto.merlin.keystore.password",
    "secret");
options.put("cyrpto_props", cryptoProvider);
options.put(WSHandlerConstants.PW_CALLBACK_REF, myCallback);
// invoke
However, when I have two action entries, the signature handler from
within wss4j is complaining that it cannot find the crypto_props.
That works fine if I have 1 action entry (say "Timestamp UsernameToken
Signature").
Any ideas what I need to do to pass the crypto provider to the
signature handler?
I am using Rampart 1.2 btw...
Thanks in advance!
George