Hello Hans,

Sorry, I got sidetracked for a little while.

I did look at this; it would be nice if I could do something like this, as you state:

    clientOptions.setProperty( RampartMessageData.ENCRYPTION_CERTIFICATE, cert );

What I currently believe I have to do is something like this:

    // Point the client at the endpoint and force HTTP/1.0
    org.apache.axis2.client.ServiceClient SC = s._getServiceClient();
    SC.getOptions().setTo(new org.apache.axis2.addressing.EndpointReference(EndPtString));
    SC.getOptions().setProperty(
        org.apache.axis2.transport.http.HTTPConstants.HTTP_PROTOCOL_VERSION,
        org.apache.axis2.transport.http.HTTPConstants.HEADER_PROTOCOL_10);

    StAXOMBuilder builder = new StAXOMBuilder();
    Policy policy = PolicyEngine.getPolicy(builder.getDocumentElement());

    // Rampart configuration: user and encryption alias
    RampartConfig rampartConfig = new RampartConfig();
    rampartConfig.setUser("server");
    rampartConfig.setEncryptionUser("server");

    // Merlin keystore holding the encryption certificate
    CryptoConfig encrCryptoConfig = new CryptoConfig();
    encrCryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");
    Properties prop = new Properties();
    prop.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
    prop.put("org.apache.ws.security.crypto.merlin.file", "/Keystore.jks");
    prop.put("org.apache.ws.security.crypto.merlin.keystore.password", "test");
    encrCryptoConfig.setProp(prop);

    rampartConfig.setEncrCryptoConfig(encrCryptoConfig);
    policy.addAssertion(rampartConfig);

I am not able to get this working yet, though... Not sure where to set the portion of the message to encrypt?!

I did not want to specify a policy.xml file. I don't understand it enough to create one, and can't find any good documentation on it.... Javadocs for rampart would be nice too... There was enough in Axis2 to get me going without assistance. I'm just not finding anything that seems to meet what I'm looking for in rampart....

Is there another option?
-P

----- Original Message ----
From: Hans Guldager Knudsen <[EMAIL PROTECTED]>
To: rampart-dev@ws.apache.org
Sent: Tuesday, December 18, 2007 8:01:52 AM
Subject: Re: [jira] Issue Comment Edited: (RAMPART-25) Abilty to dynamically set Encryption certificate on client

Hi Pete!

I have only worked with the Policy based configuration, and only read the source code for this. So I do not know how my 'hack' will work with the only-style configuration...

Have you tried the method described in:
https://issues.apache.org/jira/browse/RAMPART-25

specifying 'useReqSigCert' + handing over the RECV_RESULTS property in client could be working...

Could you post the SOAP request/response ? Someone might be able to find the policy equivalent to your configuration..

/hans

Pete wrote:
> Hans, thanks for the reply!
>
> I am running v1.3 of Axis2/Rampart.
>
> To answer your questions:
> -Currently working towards policy.. Have been setting encryption in the axis2.xml file temporarily.
> -All Sync for the foreseeable future
> -Endpoint is set via code in the application
> -Yes, the number of services will be quickly increasing. (We have 30+ endpoints, each endpoint is similar to the other, and, each endpoint will have 100 or more services in the end)
> -The server side of the process is not Axis*, it is all under zOS (mainframe).
> -No signatures
> -Just encryption
>
> I am not sure that configuration in the policy file will work, is this what you are recommending? Perhaps I don't understand it well enough, unfortunately I don't seem to find enough information on it.
>
> Everything I need to know, I have in the application.
>
> Or are you implying to do it in code? If so, do I need a policy.xml at all?
>
> Perhaps these questions are simple, I just have not been able to find any good reference material that can help... I feel like I have thoroughly searched the net....
>
> Again, thanks for the reply, I greatly appreciate the assistance!
>
> -P
>
>
> ----- Original Message ----
> From: Hans G Knudsen (JIRA) <[EMAIL PROTECTED]>
> To: rampart-dev@ws.apache.org
> Sent: Monday, December 17, 2007 4:10:43 AM
> Subject: [jira] Issue Comment Edited: (RAMPART-25) Abilty to dynamically set Encryption certificate on client
>
>
> [ https://issues.apache.org/jira/browse/RAMPART-25?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12552362 ]
>
> hgk.lenio edited comment on RAMPART-25 at 12/17/07 2:09 AM:
> -----------------------------------------------------------------
>
> HI Pete!
>
> What version of Axis2/Rampart are you running ? What policy are you using ? Are you running sync or async ?
>
> Does the number of services change often ?
>
> What could work now with Axis2 1.3 (depending on the above) would be to
>
> - keep all the receiver certificates in the signatureCrypto
> - modify the value of the RampartConfig -> encryptionUser in your policy to match your receiver
> - and assign this policy to the service/operation before sending.
>
> /hans
>
> was (Author: hgk.lenio):
> HI Pete!
>
> What version of Axis/Rampart are you running ? What policy are you using ? Are you running sync or async ?
>
> Does the number of services change often ?
>
> What could work now (depending on the above) would be to
>
> - keep all the receiver certificates in the signatureCrypto
> - modify the value of the RampartConfig -> encryptionUser in your policy to match your receiver
> - and assign this policy to the service/operation before sending.
>
> /hans
>
>> Abilty to dynamically set Encryption certificate on client
>> ----------------------------------------------------------
>>
>> Key: RAMPART-25
>> URL: https://issues.apache.org/jira/browse/RAMPART-25
>> Project: Rampart
>> Issue Type: Improvement
>> Components: rampart-core
>> Affects Versions: 1.1, 1.2, 1.3
>> Reporter: Hans G Knudsen
>>
>> Hi!
>> I was looking for a way to dynamically specify the encryption certificate in a client, instead of specifying it statically in the RampartConfig by defining the 'encryptionUser'.
>>
>> Looking at RampartUtil.setEncryptionUser it looked like the only way to do it, was to resemble the 'useReqSigCert' option which makes the server use the received signature certificate for encryption on a reply..
>>
>> This would look something like this...
>>
>>     X509Certificate cert = fetchFromLdap( recipient );
>>     Vector results = new Vector();
>>     WSSecurityEngineResult wsser = new WSSecurityEngineResult(WSConstants.SIGN, null, cert, null, new byte[0]);
>>     results.add( wsser );
>>
>>     WSHandlerResult wshr = new WSHandlerResult("STRING", results);
>>     Vector resultObj = new Vector();
>>     resultObj.add( wshr );
>>
>>     clientOptions.setProperty( WSHandlerConstants.RECV_RESULTS, resultObj );
>>
>> Would it be useful to be able to specify the certificate as a Rampart parameter/property - something like :
>>
>>     clientOptions.setProperty( RampartMessageData.ENCRYPTION_CERTIFICATE, cert );
>>
>> and have RampartUtil check 'encryptionUser' for e.g. 'useParamCert' and use the transferred certificate for outgoing encryption.
>>
>> Should I supply a proposal as a diff ??
>> /hans
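
The workaround Hans describes in the thread (keep every receiver certificate in one keystore, switch encryptionUser per recipient, assign the policy before sending), as an added example that is not code from the thread or from the Rampart project. It assumes the Rampart 1.3-era classes already named in the thread plus RampartMessageData.KEY_RAMPART_POLICY; the class name, method name, policy file and parameters are hypothetical, and the policy file is assumed to carry the WS-SecurityPolicy binding and sp:EncryptedParts assertions, which are what select the message parts to encrypt.

```java
import java.util.Properties;

import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.client.ServiceClient;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.policy.model.RampartConfig;

public class PerRecipientEncryption {  // hypothetical helper class

    /**
     * Builds a fresh policy for one call and points encryptionUser at the
     * keystore alias of that call's recipient.
     */
    public static void applyPolicy(ServiceClient client, String policyPath,
                                   String keystorePath, String keystorePassword,
                                   String recipientAlias) throws Exception {
        // Reload the base policy per call so a previous RampartConfig
        // assertion is never carried over to another recipient.
        // Assumption: this file holds the binding and sp:EncryptedParts.
        StAXOMBuilder builder = new StAXOMBuilder(policyPath);
        Policy policy = PolicyEngine.getPolicy(builder.getDocumentElement());

        // Merlin keystore that contains all receiver certificates.
        Properties merlin = new Properties();
        merlin.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
        merlin.put("org.apache.ws.security.crypto.merlin.file", keystorePath);
        merlin.put("org.apache.ws.security.crypto.merlin.keystore.password",
                   keystorePassword);

        CryptoConfig crypto = new CryptoConfig();
        crypto.setProvider("org.apache.ws.security.components.crypto.Merlin");
        crypto.setProp(merlin);

        // Only the key material is configured here; the alias changes per call.
        RampartConfig config = new RampartConfig();
        config.setEncryptionUser(recipientAlias);
        config.setEncrCryptoConfig(crypto);
        policy.addAssertion(config);

        // Hand the assembled policy to Rampart for this client's next send.
        client.getOptions().setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
    }
}
```

The keystore password is passed in rather than hard-coded so it can come from a protected store instead of the source tree.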