Thank you for the reply, this sounds like what I want to do. I just want to clarify one thing. We have our own STS which uses Bouncycastle library to generate a certificate and a key to send to the client. So the client now has a Proxy Certificate (only the public key is known to the client, no private key supplied) and a secret symmetric key. One of the things that confused me is how Rampart reads this information. I got them in byte form but I am unsure how to direct Rampart to them or ask them to use these.

Sincerely,

> Date: Tue, 19 Mar 2013 17:32:11 -0400
> Subject: Re: Using Rampart to send a proxy certificate and sign using a
> symmetric key
> From: ruchith.ferna...@gmail.com
> To: java-dev@axis.apache.org
>
> Hi,
>
> To do this with rampart, first you need to be able to express your
> requirements in WS-SecurityPolicy.
>
> Since you mentioned the use of a symmetric key to sign (MAC) (as in
> 3.4 of [1]) I suppose you will have to try to use a SymmetricBinding
> policy (Example [2]). This will involve getting a token issued by an
> STS which will include the certificate, and a symmetric key (since you
> need this to sign/mac). This will be the IssuedToken specified in the
> policy.
>
> Then Rampart should be able to use the token and include it in the
> security header and sign using the given key value.
>
> I'm not sure whether this works, but I will take a crack at generating
> an example of this over the weekend.
>
> Thanks,
> Ruchith
>
> 1.
> https://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf
> 2.
> http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.html#_Toc100567712
>
> On Sun, Mar 17, 2013 at 3:10 AM, Abdelrahman Almahmoud
> <fire_storm5...@hotmail.com> wrote:
> > Thank you for the reply
> >
> > I understand the typical use of certificates as I have worked in security
> > for a while, it is a bit complicated to explain and I am not even sure if I
> > am allowed to discuss this so I will avoid talking about the architecture. I
> > appreciate the comments but as I mentioned, our use case is a little
> > different than usual. I am trying to avoid using SSL altogether because of
> > various reasons as well.
> >
> > What I simply want to do is give rampart my X.509 certificate and have it
> > send it to my target where I will try to have rampart do what I want or
> > simply write my own handler to make it do that.
> >
> > I also want rampart to sign that message using my own symmetric key. We have
> > our reasons to use symmetric keys here. If Rampart can't do this, can I
> > write a handler to do this myself and ask rampart to include this into the
> > SOAP message?
> >
> > ________________________________
> > From: mgai...@hotmail.com
> > To: java-dev@axis.apache.org
> > Subject: RE: Using Rampart to send a proxy certificate and sign using a
> > symmetric key
> > Date: Thu, 14 Mar 2013 06:32:42 -0400
> >
> > ________________________________
> > From: fire_storm5...@hotmail.com
> > To: java-dev@axis.apache.org
> > Subject: Using Rampart to send a proxy certificate and sign using a
> > symmetric key
> > Date: Thu, 14 Mar 2013 08:59:15 +0000
> >
> > Hi
> >
> > I have a bit of a unique situation, I am writing an Axis2 client and have to
> > follow a certain procedure. I would like to use Rampart to do the following,
> >
> > 1- I have a proxy certificate issued by a server for me, this certificate
> > has my username and the server's public key, I would like to have rampart to
> > send this certificate.
> > MG>A certificate is generally used by Browsers for verifying you are who
> > you are and you wish to communicate to server with these specific
> > credentials
> > As far as I know, the samples only show how to have rampart use a
> > certificate from a key store
> > MG>from the trust-store called cacerts
> >
> > is there another way to do it?
> > MG>First step is to get the cert working to validate you to the external
> > interface
> >
> > MG>Second step is to setup a SSLv2 or SSLv3 session (using some known
> > transport) to the server
> >
> > 2- I would like Rampart to sign the request using a Symmetric key. As far as
> > I know, rampart takes the key from a key store but I am not sure how to ask
> > it to sign the request using this key and such
> >
> > The samples didn't help much with this and I am not sure where to find more
> > information
> > Any help is greatly appreciated
> >
> > MG>Read this cover to cover
> > http://download.java.net/jdk8/docs/technotes/guides/security/jsse/JSSERefGuide.html
> >
> > Thanks
> >
>
> --
> http://ruchith.org
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
> For additional commands, e-mail: java-dev-h...@axis.apache.org
>