Hans, thanks for the reply!
I am running v1.3 of Axis2/Rampart.
To answer your questions:
-Currently working towards policy. Have been setting encryption in the
axis2.xml file temporarily.
-All Sync for the foreseeable future
-Endpoint is set via code in the application
-Yes, the number of services will be quickly increasing. (We have 30+
endpoints, each endpoint is similar to the other, and, each endpoint will have
100 or more services in the end)
-The server side of the process is not Axis*, it is all under zOS (mainframe).
-No signatures
-Just encryption
I am not sure that configuration in the policy file will work, is this what you
are recommending? Perhaps I don't understand it well enough, unfortunately I
don't seem to find enough information on it.
Everything I need to know, I have in the application.
Or are you implying to do it in code? If so, do I need a policy.xml at all?
Perhaps these questions are simple, I just have not been able to find any good
reference material that can help... I feel like I have thoroughly searched the
net....
Again, thanks for the reply, I greatly appreciate the assistance!
-P
----- Original Message ----
From: Hans G Knudsen (JIRA) <[EMAIL PROTECTED]>
To: rampart-dev@ws.apache.org
Sent: Monday, December 17, 2007 4:10:43 AM
Subject: [jira] Issue Comment Edited: (RAMPART-25) Abilty to dynamically set
Encryption certificate on client
[
https://issues.apache.org/jira/browse/RAMPART-25?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12552362
]
hgk.lenio edited comment on RAMPART-25 at 12/17/07 2:09 AM:
-----------------------------------------------------------------
Hi Pete!
What version of Axis2/Rampart are you running? What policy are you
using? Are you running sync or async?
Does the number of services change often?
What could work now with Axis2 1.3 (depending on the above) would be to
- keep all the receiver certificates in the signatureCrypto
- modify the value of the RampartConfig -> encryptionUser in your
policy to match your receiver
- and assign this policy to the service/operation before sending.
/hans
was (Author: hgk.lenio):
Hi Pete!
What version of Axis/Rampart are you running? What policy are you
using? Are you running sync or async?
Does the number of services change often?
What could work now (depending on the above) would be to
- keep all the receiver certificates in the signatureCrypto
- modify the value of the RampartConfig -> encryptionUser in your
policy to match your receiver
- and assign this policy to the service/operation before sending.
/hans
Abilty to dynamically set Encryption certificate on client
----------------------------------------------------------
Key: RAMPART-25
URL: https://issues.apache.org/jira/browse/RAMPART-25
Project: Rampart
Issue Type: Improvement
Components: rampart-core
Affects Versions: 1.1, 1.2, 1.3
Reporter: Hans G Knudsen
Hi!
I was looking for a way to dynamically specify the encryption
certificate in a client, instead of specifying it statically in the
RampartConfig by defining the 'encryptionUser'.
Looking at RampartUtil.setEncryptionUser it looked like the only way
to do it, was to resemble the 'useReqSigCert' option which makes the
server use the received signature certificate for encryption on a reply.
This would look something like this...
    // Look up the recipient's certificate (fetchFromLdap: helper not shown).
    X509Certificate cert = fetchFromLdap( recipient );
    // Wrap it like a received signature result, the form 'useReqSigCert' reads.
    Vector results = new Vector();
    WSSecurityEngineResult wsser =
        new WSSecurityEngineResult(WSConstants.SIGN, null, cert, null, new byte[0]);
    results.add( wsser );
    WSHandlerResult wshr = new WSHandlerResult("STRING", results);
    Vector resultObj = new Vector();
    resultObj.add( wshr );
    clientOptions.setProperty( WSHandlerConstants.RECV_RESULTS, resultObj );
Would it be useful to be able to specify the certificate as a
Rampart parameter/property - something like:
    clientOptions.setProperty( RampartMessageData.ENCRYPTION_CERTIFICATE, cert );
and have RampartUtil check 'encryptionUser' for e.g. 'useParamCert' and
use the transferred certificate for outgoing encryption.
Should I supply a proposal as a diff?
/hans
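
An added example, not part of the original thread or of Rampart's code: the second step of the workaround quoted above (rewriting RampartConfig -> encryptionUser per receiver), done on a policy template with the JDK's DOM API and refusing any alias that has no certificate in the client keystore. The class name, the cut-down template and the aliases are assumptions; loading the result as a policy and attaching it to the client options is not shown.

```java
import java.io.ByteArrayInputStream;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.util.Set;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

public class PerReceiverPolicy {  // hypothetical class name
    static final String RAMPART_NS = "http://ws.apache.org/rampart/policy";

    // Constructed sample: a cut-down policy holding only the RampartConfig assertion.
    static final String TEMPLATE =
        "<wsp:Policy xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">"
      + "<ramp:RampartConfig xmlns:ramp=\"" + RAMPART_NS + "\">"
      + "<ramp:encryptionUser>placeholder</ramp:encryptionUser>"
      + "</ramp:RampartConfig></wsp:Policy>";

    /** Returns the template with encryptionUser set to the receiver's keystore alias. */
    static String policyFor(String alias, Set<String> knownAliases) throws Exception {
        // Fail closed: never encrypt to an alias that is not in the client keystore.
        if (!knownAliases.contains(alias)) {
            throw new IllegalArgumentException("no certificate for alias: " + alias);
        }
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(TEMPLATE.getBytes(StandardCharsets.UTF_8)));
        NodeList users = doc.getElementsByTagNameNS(RAMPART_NS, "encryptionUser");
        if (users.getLength() != 1) {
            throw new IllegalStateException("expected exactly one encryptionUser element");
        }
        users.item(0).setTextContent(alias);
        StringWriter out = new StringWriter();
        TransformerFactory.newInstance().newTransformer()
            .transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed aliases; in practice take them from KeyStore.aliases().
        Set<String> aliases = Set.of("endpoint-a", "endpoint-b");
        System.out.println(policyFor("endpoint-b", aliases));
    }
}
```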