Yves,

after looking at the params then, at least for encryption, it's all ok. You specify "X509KeyIdentifier" for encryption. That means that the CERT is inserted in the way seen in the request. This method was specified in a previous version of the WSS specifications, the current specs don't mention it, mainly because of security reasons.

To achieve the behaviour you would like (SubjectKeyIdentifier) you shall define "SKIKeyIdentifier" as the way to identify the key. Can you give it a try?

Regards,
Werner

> -----Original Message-----
> From: Yves Langisch [mailto:[EMAIL PROTECTED]
> Sent: Monday, 21 March 2005 12:14
> To: Dittmann Werner
> Cc: fx-dev
> Subject: Re: AW: SecurityTokenReference issue?
>
>
> Werner,
>
> Here we go:
>
> private void setOptions() throws ConfigurationException {
>     this.setOption(WSHandlerConstants.MUST_UNDERSTAND,
>         ApplicationProperties.instance().getProperty("security.piv.receiver.securityhandler.mustunderstand"));
>
>     // Use AES-256
>     this.setOption(WSHandlerConstants.ENC_SYM_ALGO, WSConstants.AES_256);
>
>     // Keystore
>     this.setOption(WSHandlerConstants.ENCRYPTION_USER,
>         ApplicationProperties.instance().getProperty("security.piv.receiver.encryptionhandler.alias"));
>     this.setOption(WSHandlerConstants.USER,
>         ApplicationProperties.instance().getProperty("security.piv.receiver.securityhandler.alias"));
>
>     this.setOption(WSHandlerConstants.ENC_KEY_ID,
>         ApplicationProperties.instance().getProperty("security.piv.receiver.encryptionhandler.key.id"));
>     this.setOption(WSHandlerConstants.SIG_KEY_ID,
>         ApplicationProperties.instance().getProperty("security.piv.receiver.securityhandler.key.id"));
>
>     this.setOption(WSHandlerConstants.SIGNATURE_PARTS,
>         ApplicationProperties.instance().getProperty("security.piv.receiver.securityhandler.parts"));
>     this.setOption(WSHandlerConstants.ENCRYPTION_PARTS,
>         ApplicationProperties.instance().getProperty("security.piv.receiver.encryptionhandler.parts"));
>
>     this.setOption(WSHandlerConstants.ENC_PROP_FILE,
>         ApplicationProperties.instance().getProperty("security.piv.receiver.propfile"));
>     this.setOption(WSHandlerConstants.DEC_PROP_FILE,
>         ApplicationProperties.instance().getProperty("security.piv.receiver.propfile"));
>     this.setOption(WSHandlerConstants.SIG_PROP_FILE,
>         ApplicationProperties.instance().getProperty("security.piv.receiver.propfile"));
>
>     this.setOption(WSHandlerConstants.PW_CALLBACK_CLASS,
>         ApplicationProperties.instance().getProperty("security.piv.receiver.password.callback.class"));
> }
>
>
> The properties above are set as follows:
>
> security.piv.receiver.propfile=receiver.secproperties
> security.piv.receiver.password.callback.class=x.y.z.PWCallback
>
> security.piv.receiver.securityhandler.ttl=300
>
> security.piv.receiver.securityhandler.parts={}{http://schemas.xmlsoap.org/soap/envelope/}Body;{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp
> security.piv.receiver.securityhandler.mustunderstand=false
> security.piv.receiver.securityhandler.alias=refapp piv receiver
> security.piv.receiver.securityhandler.key.id=DirectReference
>
> security.piv.receiver.encryptionhandler.parts={}{http://schemas.xmlsoap.org/soap/envelope/}Body
> security.piv.receiver.encryptionhandler.alias=refapp piv transmitter
> security.piv.receiver.encryptionhandler.key.id=X509KeyIdentifier
>
> Regards,
> Yves
>
> On Mon, 2005-03-21 at 07:41 +0100, Dittmann Werner wrote:
> > Yves,
> >
> > can you send the deployment params you use? Did
> > it work before, or did you modify some parts,
> > e.g. downloading a new version of WSS4J?
> >
> > Thanks,
> > Werner
> >
> > > -----Original Message-----
> > > From: Yves Langisch [mailto:[EMAIL PROTECTED]
> > > Sent: Friday, 18 March 2005 16:34
> > > To: fx-dev
> > > Subject: SecurityTokenReference issue?
> > >
> > >
> > > All,
> > >
> > > If I use a reference to a subject key identifier I got the
> > > following on the wire:
> > >
> > > ...
> > > <wsse:SecurityTokenReference>
> > >   <wsse:KeyIdentifier
> > >     EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
> > >     ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
> > > MIID6TCCA1KgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBoDELMAkGA1UEBhMCQ0gxDTALBgNVBAgT
> > > BEJlcm4xDTALBgNVBAcTBEJlcm4xEzARBgNVBAoTCml0U2VydmUgQUcxGDAWBgNVBAsTD0xvaG5z
> > > dGFuZGFyZC1DSDEcMBoGA1UEAxMTUmVmQXBwIFBJViBSZWNlaXZlcjEmMCQGCSqGSIb3DQEJARYX
> > > bG9obnN0YW5kYXJkQGl0c2VydmUuY2gwHhcNMDQwNzAyMDkwMzU3WhcNMDUwNzAyMDkwMzU3WjCB
> > > ....y0PZksq
> > > +C8tEO3Xjukv83CklYo6KELoH83sBJBmiXFQs8ClGmBejn/RLnp</wsse:KeyIdentifier>
> > > </wsse:SecurityTokenReference>
> > > </ds:KeyInfo>
> > > ...
> > >
> > > Per the X.509 Certificate Token Profile (section 3.2.1) the ValueType
> > > attribute must be
> > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier
> > > and should contain the encoded SubjectKeyIdentifier of the certificate
> > > and not the entire certificate as above.
> > >
> > > Is this a bug or am I wrong?
> > >
> > > Yves
> > >
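The thread turns on what a `wsse:KeyIdentifier` actually carries: with the legacy "X509KeyIdentifier" setting WSS4J embeds the whole certificate under the `#X509v3` ValueType, while "SKIKeyIdentifier" emits the certificate's SubjectKeyIdentifier under `#X509SubjectKeyIdentifier`, as the token profile requires. The receiver-side check below is an added example, not code from the thread and not part of WSS4J: it parses a saved SOAP message, classifies every `wsse:KeyIdentifier` by ValueType, and for SKI references compares the decoded bytes with the SubjectKeyIdentifier extension (OID 2.5.29.14) of the certificate stored under an alias in a JKS keystore, the same kind of keystore `receiver.secproperties` points at. The wsse namespace URI and the extension OID are standard values not quoted in the thread; the keystore path, password, alias and message file are command-line arguments.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/**
 * Reports, for each wsse:KeyIdentifier in a SOAP message, whether it carries the
 * certificate's SubjectKeyIdentifier (#X509SubjectKeyIdentifier, what WSS4J emits for
 * "SKIKeyIdentifier") or a whole base64 certificate (#X509v3, the legacy
 * "X509KeyIdentifier" behaviour). Added example; not WSS4J code.
 */
public class KeyIdentifierCheck {
    static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String X509_PROFILE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0";
    static final String VT_SKI = X509_PROFILE + "#X509SubjectKeyIdentifier";
    static final String VT_X509V3 = X509_PROFILE + "#X509v3";
    static final String SKI_OID = "2.5.29.14";   // id-ce-subjectKeyIdentifier

    /** Raw SKI bytes of the certificate, or null if it has no SubjectKeyIdentifier extension. */
    static byte[] subjectKeyIdentifier(X509Certificate cert) {
        byte[] ext = cert.getExtensionValue(SKI_OID);
        if (ext == null) return null;
        // getExtensionValue() returns the extnValue OCTET STRING; its content is the
        // SubjectKeyIdentifier, which is itself a DER OCTET STRING. Unwrap both layers.
        return derOctetStringContent(derOctetStringContent(ext));
    }

    /** Strips one DER OCTET STRING header (tag 0x04, short or long length form). */
    static byte[] derOctetStringContent(byte[] der) {
        if (der.length < 2 || der[0] != 0x04) {
            throw new IllegalArgumentException("not a DER OCTET STRING");
        }
        int len = der[1] & 0xFF;
        int offset = 2;
        if ((len & 0x80) != 0) {           // long form: low 7 bits = number of length octets
            int n = len & 0x7F;
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (der[offset++] & 0xFF);
        }
        return Arrays.copyOfRange(der, offset, offset + len);
    }

    /** One verdict per wsse:KeyIdentifier found in the message. */
    static List<String> inspect(Document soap, byte[] expectedSki) {
        List<String> verdicts = new ArrayList<>();
        NodeList ids = soap.getElementsByTagNameNS(WSSE_NS, "KeyIdentifier");
        for (int i = 0; i < ids.getLength(); i++) {
            Element ki = (Element) ids.item(i);
            String valueType = ki.getAttribute("ValueType");
            // MIME decoder tolerates the 76-column line breaks seen on the wire.
            byte[] value = Base64.getMimeDecoder().decode(ki.getTextContent().trim());
            if (VT_X509V3.equals(valueType)) {
                verdicts.add("KeyIdentifier " + i + ": whole certificate embedded (" + value.length
                    + " bytes, ValueType #X509v3); sender is using the legacy X509KeyIdentifier mode");
            } else if (VT_SKI.equals(valueType)) {
                boolean match = expectedSki != null && Arrays.equals(value, expectedSki);
                verdicts.add("KeyIdentifier " + i + ": SubjectKeyIdentifier (" + value.length
                    + " bytes) " + (match ? "matches" : "does NOT match") + " the local certificate");
            } else {
                verdicts.add("KeyIdentifier " + i + ": unexpected ValueType " + valueType);
            }
        }
        return verdicts;
    }

    static Document parse(InputStream in) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse a DOCTYPE so a hostile message cannot pull in external entities while inspected.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(in);
    }

    // Usage: java KeyIdentifierCheck <keystore.jks> <storepass> <alias> <message.xml>
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(args[2]);
        byte[] ski = subjectKeyIdentifier(cert);
        try (InputStream in = new FileInputStream(args[3])) {
            for (String v : inspect(parse(in), ski)) System.out.println(v);
        }
    }
}
```

Run against the message Yves pasted, the check reports the `#X509v3` case, which is the symptom of the "X509KeyIdentifier" setting Werner identified; after switching `security.piv.receiver.encryptionhandler.key.id` to `SKIKeyIdentifier`, the same check should report a SubjectKeyIdentifier that matches the transmitter certificate in the receiver's keystore. A certificate without the SKI extension makes the comparison fail by design, since WSS4J has nothing to reference in that case.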
