Hi,

To do this with rampart, first you need to be able to express your requirements in WS-SecurityPolicy.

Since you mentioned the use of a symmetric key to sign (MAC) (as in 3.4 of [1]) I suppose you will have to try to use a SymmetricBinding policy (Example [2]). This will involve getting a token issued by an STS which will include the certificate, and a symmetric key (since you need this to sign/mac). This will be the IssuedToken specified in the policy. Then Rampart should be able to use the token and include it in the security header and sign using the given key value.

I'm not sure whether this works, but I will take a crack at generating an example of this over the weekend.

Thanks,
Ruchith

[1] https://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf
[2] http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc100567712

On Sun, Mar 17, 2013 at 3:10 AM, Abdelrahman Almahmoud <fire_storm5...@hotmail.com> wrote:
> Thank you for the reply
>
> I understand the typical use of certificates as I have worked in security
> for a while, it is a bit complicated to explain and I am not even sure if I
> am allowed to discuss this so I will avoid talking about the architecture. I
> appreciate the comments but as I mentioned, our use case is a little
> different than usual. I am trying to avoid using SSL altogether because of
> various reasons as well.
>
> What I simply want to do is give rampart my X.509 certificate and have it
> send it to my target where I will try to have rampart do what I want or
> simply write my own handler to make it do that.
>
> I also want rampart to sign that message using my own symmetric key. We have
> our reasons to use symmetric keys here. If Rampart can't do this, can I
> write a handler to do this myself and ask rampart to include this into the
> SOAP message?
>
> ________________________________
> From: mgai...@hotmail.com
> To: java-dev@axis.apache.org
> Subject: RE: Using Rampart to send a proxy certificate and sign using a
> symmetric key
> Date: Thu, 14 Mar 2013 06:32:42 -0400
>
> ________________________________
> From: fire_storm5...@hotmail.com
> To: java-dev@axis.apache.org
> Subject: Using Rampart to send a proxy certificate and sign using a
> symmetric key
> Date: Thu, 14 Mar 2013 08:59:15 +0000
>
> Hi
>
> I have a bit of a unique situation, I am writing an Axis2 client and have to
> follow a certain procedure. I would like to use Rampart to do the following,
>
> 1- I have a proxy certificate issued by a server for me, this certificate
> has my username and the server's public key, I would like to have rampart to
> send this certificate.
> MG>A certificate is generally used by Browsers for verifying you are who
> you are and you wish to communicate to server with these specific
> credentials
> As far as I know, the samples only show how to have rampart use a
> certificate from a key store
> MG>from the trust-store called cacerts
>
> is there another way to do it?
> MG>First step is to get the cert working to validate you to the external
> interface
>
> MG>Second step is to setup a SSLv2 or SSLv3 session (using some known
> transport) to the server
>
> 2- I would like Rampart to sign the request using a Symmetric key.
> As far as I know, rampart takes the key from a key store but I am not sure how to ask
> it to sign the request using this key and such
>
> The samples didn't help much with this and I am not sure where to find more
> information
> Any help is greatly appreciated
>
> MG>Read this cover to cover
> http://download.java.net/jdk8/docs/technotes/guides/security/jsse/JSSERefGuide.html
>
> Thanks

--
http://ruchith.org

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org
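
The policy shape described in the reply above (a SymmetricBinding whose protection token is an STS-issued token carrying a symmetric key, used to sign the body), sketched as an added example with WS-SecurityPolicy 1.2 and WS-Trust 1.3 assertions. It is not from the thread and has not been checked against Rampart; the policy Id, the STS address and the key size are assumptions.

```xml
<!-- Added illustration, not from the thread. The wsu:Id value and the
     sts.example.org address are constructed placeholders. -->
<wsp:Policy wsu:Id="SymmetricIssuedTokenPolicy"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsa="http://www.w3.org/2005/08/addressing"
    xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SymmetricBinding>
        <wsp:Policy>
          <!-- One token protects the message: its key computes the signature -->
          <sp:ProtectionToken>
            <wsp:Policy>
              <!-- Token is obtained from the STS and sent in the security header -->
              <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                <sp:Issuer>
                  <wsa:Address>https://sts.example.org/services/STS</wsa:Address>
                </sp:Issuer>
                <!-- Copied into the RequestSecurityToken sent to the STS -->
                <sp:RequestSecurityTokenTemplate>
                  <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</t:KeyType>
                  <t:KeySize>256</t:KeySize>
                </sp:RequestSecurityTokenTemplate>
                <wsp:Policy>
                  <sp:RequireInternalReference/>
                </wsp:Policy>
              </sp:IssuedToken>
            </wsp:Policy>
          </sp:ProtectionToken>
          <!-- Basic256 selects HMAC-SHA1 as the symmetric signature algorithm -->
          <sp:AlgorithmSuite>
            <wsp:Policy><sp:Basic256/></wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy><sp:Strict/></wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp/>
        </wsp:Policy>
      </sp:SymmetricBinding>
      <!-- Integrity only: the SOAP body is signed, nothing is encrypted -->
      <sp:SignedParts>
        <sp:Body/>
      </sp:SignedParts>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
```

With only `sp:SignedParts` present the body is integrity-protected but travels in clear text, which matters when the transport is not SSL/TLS.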