Even this?

    <!-- -->
    <!-- This bean is an Out interceptor which will add a Timestamp, -->
    <!-- sign the Timestamp and Body, and then encrypt the Timestamp -->
    <!-- and Body.  It uses 3DES as the symmetric key algorithm. -->
    <!-- -->
    <bean
        class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
        id="TimestampSignEncrypt_Request">
        <constructor-arg>
            <map>
                <entry key="action" value="Timestamp Signature Encrypt"/>
                <!-- <entry key="action" value="Timestamp Signature"/> -->
                <entry key="user" value="alice"/>
                <entry key="signaturePropFile" value="org/apache/cxf/systest/ws/security/alice.properties"/>
                <entry key="encryptionPropFile" value="org/apache/cxf/systest/ws/security/bob.properties"/>
                <entry key="encryptionUser" value="Bob"/>
                <entry key="signatureKeyIdentifier" value="DirectReference"/>
                <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.security.KeystorePasswordCallback"/>
                <entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
                <!-- -->
                <!-- Recommendation: signatures should be encrypted -->
                <!-- -->
                <entry key="encryptionParts" value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
                <!-- <entry key="encryptionKeyTransportAlgorithm" value="RSA15"/> -->
                <entry key="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
            </map>
        </constructor-arg>
    </bean>

    <!-- -->
    <!-- This bean is an In interceptor which validates a signed, -->
    <!-- encrypted, and timestamped response. -->
    <!-- -->
    <!-- -->
    <bean
        class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
        id="TimestampSignEncrypt_Response">
        <constructor-arg>
            <map>
                <entry key="action" value="Timestamp Signature Encrypt"/>
                <entry key="signaturePropFile" value="org/apache/cxf/systest/ws/security/bob.properties"/>
                <entry key="decryptionPropFile" value="org/apache/cxf/systest/ws/security/alice.properties"/>
                <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.security.KeystorePasswordCallback"/>
            </map>
        </constructor-arg>
    </bean>


On Apr 14, 2008, at 2:51 AM, adam_j_bradley wrote:

Fred,

Thanks for the tip. Forgive me (I'm most likely wrong!) but that looked like a Username token not an X.509 token request. I've been digging around in http://xfire.codehaus.org/WS-Security but I can't see any wisdom there.

Anything else?
:)

Sincerely,
Ada



Fred Dushin-3 wrote:

All I can recommend is that you have a look at the WS-Security system
test in CXF:

http://svn.apache.org/repos/asf/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/

It's based loosely off a WS-Security interoperability scenario with
WCF, and uses signature with the DirectReference method, which will
send the client's X.509 certificate directly in the SOAP header.


--
View this message in context: 
http://www.nabble.com/Q%3A-WS-Security-X.509-Certificate-Token-Profile-tp16656740p16671272.html
Sent from the cxf-user mailing list archive at Nabble.com.
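
What the DirectReference key identifier discussed in this thread looks like on the wire, as an added example that is not part of the original messages or of the CXF code base: the signature's SecurityTokenReference points at a BinarySecurityToken in the same header, and that token's ValueType is what marks it as an X.509 certificate rather than a Username token. The sample envelope is constructed (placeholder bytes stand in for the certificate), the function name is hypothetical, and no signature validation is performed.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
WSU_ID = "{%s}Id" % NS["wsu"]

# Constructed sample message; the token content is placeholder bytes, not a real certificate.
SAMPLE = """<soap:Envelope xmlns:soap="{soap}" xmlns:ds="{ds}" xmlns:wsse="{wsse}" xmlns:wsu="{wsu}">
 <soap:Header><wsse:Security>
  <wsse:BinarySecurityToken wsu:Id="CertId-1" ValueType="{x509}">{cert}</wsse:BinarySecurityToken>
  <ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference>
   <wsse:Reference URI="#CertId-1" ValueType="{x509}"/>
  </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
 </wsse:Security></soap:Header><soap:Body/>
</soap:Envelope>""".format(x509=X509V3, cert=base64.b64encode(b"constructed-cert").decode(), **NS)


def resolve_direct_reference(envelope_xml):
    """Return (key_identifier_style, token_bytes) for the first ds:Signature."""
    root = ET.fromstring(envelope_xml)  # trusted sample input only
    security = root.find("soap:Header/wsse:Security", NS)
    if security is None:
        raise ValueError("no wsse:Security header")
    str_el = security.find("ds:Signature/ds:KeyInfo/wsse:SecurityTokenReference", NS)
    if str_el is None:
        raise ValueError("signature has no SecurityTokenReference")
    ref = str_el.find("wsse:Reference", NS)
    if ref is None:
        # Another identifier style (e.g. KeyIdentifier): the certificate is not carried here.
        return ("not-direct", None)
    uri = ref.get("URI", "")
    if not uri.startswith("#"):
        raise ValueError("only same-document references are handled")
    for bst in security.findall("wsse:BinarySecurityToken", NS):
        if bst.get(WSU_ID) == uri[1:]:
            if bst.get("ValueType") != X509V3:
                raise ValueError("referenced token is not an X.509v3 certificate")
            return ("DirectReference", base64.b64decode(bst.text.strip()))
    raise ValueError("dangling reference " + uri)
```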


