Hi Rahul,
I don't understand any details of what you are trying to do, but I
think you are trying to get access to a certificate so some parts of
the XML message can be signed.
In Geronimo we have several GBeans to help with managing certificate
stores and trust stores. These are set up so that if you get a
reference to the appropriate GBean you should be able to access the
certificate as needed with no further passwords or authentication
needed. While these are normally present in servers, you can set one
up in an app client if you want.
The portal pages I think you are mentioning let you administer these
GBeans.
The Jetty HTTPS connector is set up to use one of these GBeans; you
might find it a useful example of how to proceed, for instance
HTTPSSelectChannelConnector and GeronimoSelectChannelSSLListener.
The central class is
org.apache.geronimo.management.geronimo.KeystoreManager implemented by
org.apache.geronimo.security.keystore.FileKeystoreManager in the
framework/modules/geronimo-security module.
I'd suspect you might want to get a KeystoreInstance from the
KeystoreManager and then get the Certificate you want from that.
Hope this helps,
david jencks
On Aug 11, 2009, at 2:15 PM, rahul.soa wrote:
Hello Jarek,
I hope you are doing well.
Presently, I am setting up the signing at the client side, and I have a
couple of doubts.
I think I can do something similar in the CXFPortMethodInterceptor:
    String signatureKeyIdentifier = (String) properties.get("signatureKeyIdentifier");
    String user = (String) properties.get("user");
    // in case where <property name="wss4j.out.action">Signature</property>
    if (containsValue(action, WSHandlerConstants.SIGNATURE)) {
        // doubt about this: how will CXFPortMethodInterceptor know about this file?
        properties.put(WSHandlerConstants.SIG_PROP_FILE, "clientKeystore.properties");
        // alias or user
        properties.put(WSHandlerConstants.USER, user);
        if ("DirectReference".equals(signatureKeyIdentifier)) {
            properties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
        }
        if ("IssuerSerial".equals(signatureKeyIdentifier)) {
            properties.put(WSHandlerConstants.SIG_KEY_ID, "IssuerSerial");
        }
        // in order to obtain the key password for the private key
        properties.put(WSHandlerConstants.PW_CALLBACK_CLASS,
                       ClientKeystorePasswordCallback.class.getName());
    }
I think we should specify the following things in the <property>
elements under the <port> in the geronimo-web.xml at the client side:
    <property name="wss4j.out.action">Signature</property>
    <property name="wss4j.out.user">myclientkey</property>
    <property name="wss4j.out.signatureKeyIdentifier">IssuerSerial</property>
Can we set the key password too in the property? What other things
should we set in the property?
Question 1:
Here, the first thing is how we can provide the signature property file, in
the above case "clientKeystore.properties". It should be at the client
side. If this is in the client application written by the user, then
how can we give the reference to this in the
CXFPortMethodInterceptor? In other words, where do we set this property?
    properties.put(WSHandlerConstants.SIG_PROP_FILE, "clientKeystore.properties");
Question 2:
For the ClientKeystorePasswordCallback, how can the client send the
key password through the geronimo-web.xml?
    <property name="wss4j.out.keypass">keypass</property>
Another thing I noticed: in the Geronimo server we have the following
two tabs under Security:
    Keystores
    Certificate Authority
What are these for?
Thanks for your help.
Best Regards,
Rahul
PS: For signing and encryption, I think we need the Bouncy Castle
and the Xalan jar files in the CXF plugin; I pulled them
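As an added illustration of the two questions above (not code from either poster or from the Geronimo/CXF projects): a password callback that answers only signature requests for the configured alias, and a helper that turns the wss4j.out.* <property> values into a WSS4JOutInterceptor. It assumes the WSS4J 1.6+ WSPasswordCallback API (getIdentifier()) and that the caller already holds the key password from some out-of-descriptor source, so the password itself never has to appear in geronimo-web.xml; the class and property names are the ones from the thread, the method buildSigningInterceptor is hypothetical.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.handler.WSHandlerConstants;

/** Hands WSS4J the private-key password for one signing alias and nothing else. */
public class ClientKeystorePasswordCallback implements CallbackHandler {
    private final String alias;
    private final char[] keyPassword;

    public ClientKeystorePasswordCallback(String alias, char[] keyPassword) {
        this.alias = alias;
        this.keyPassword = keyPassword.clone();
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb);
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            // Only a SIGNATURE request for our alias is answered; decrypt or
            // username-token requests, or other aliases, are refused outright.
            if (pc.getUsage() == WSPasswordCallback.SIGNATURE && alias.equals(pc.getIdentifier())) {
                pc.setPassword(new String(keyPassword));
            } else {
                throw new UnsupportedCallbackException(cb, "no password for " + pc.getIdentifier());
            }
        }
    }

    /** Hypothetical helper: maps the <property name="wss4j.out.*"> values to WSS4J handler keys. */
    public static WSS4JOutInterceptor buildSigningInterceptor(Map<String, String> portProps, char[] keyPassword) {
        String user = portProps.get("wss4j.out.user"); // alias of the client signing key
        Map<String, Object> props = new HashMap<String, Object>();
        props.put(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
        props.put(WSHandlerConstants.USER, user);
        props.put(WSHandlerConstants.SIG_KEY_ID, portProps.get("wss4j.out.signatureKeyIdentifier"));
        props.put(WSHandlerConstants.SIG_PROP_FILE, "clientKeystore.properties"); // on the client classpath
        // PW_CALLBACK_REF takes an instance, so the password can be injected by the
        // caller instead of being read by a no-arg PW_CALLBACK_CLASS from the descriptor.
        props.put(WSHandlerConstants.PW_CALLBACK_REF, new ClientKeystorePasswordCallback(user, keyPassword));
        return new WSS4JOutInterceptor(props);
    }
}
```

The interceptor returned by buildSigningInterceptor is added to the client's outbound chain in place of the PW_CALLBACK_CLASS approach sketched in the quoted snippet.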