Re: Q: WS-Security X.509 Certificate Token Profile

2008-04-14 Thread adam_j_bradley

Fred,

Thanks for the tip. Forgive me (I'm most likely wrong!) but that looked like
a Username token not an X.509 token request. I've been digging around in
http://xfire.codehaus.org/WS-Security but I can't see any wisdom there.

Anything else?
:)

Sincerely,
Ada



Fred Dushin-3 wrote:
 
> All I can recommend is that you have a look at the WS-Security system
> test in CXF:
>
> http://svn.apache.org/repos/asf/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/
>
> It's based loosely off a WS-Security interoperability scenario with
> WCF, and uses signature with the DirectReference method, which will
> send the client's X.509 certificate directly in the SOAP header.
 

-- 
View this message in context: 
http://www.nabble.com/Q%3A-WS-Security-X.509-Certificate-Token-Profile-tp16656740p16671272.html
Sent from the cxf-user mailing list archive at Nabble.com.



Re: Q: WS-Security X.509 Certificate Token Profile

2008-04-14 Thread Fred Dushin

Even this?

<!-- -->
<!-- This bean is an Out interceptor which will add a Timestamp, -->
<!-- sign the Timestamp and Body, and then encrypt the Timestamp -->
<!-- and Body.  It uses 3DES as the symmetric key algorithm. -->
<!-- -->
<bean
    class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
    id="TimestampSignEncrypt_Request">
    <constructor-arg>
        <map>
            <entry key="action" value="Timestamp Signature Encrypt"/>
            <!-- <entry key="action" value="Timestamp Signature"/> -->
            <entry key="user" value="alice"/>
            <entry key="signaturePropFile" value="org/apache/cxf/systest/ws/security/alice.properties"/>
            <entry key="encryptionPropFile" value="org/apache/cxf/systest/ws/security/bob.properties"/>
            <entry key="encryptionUser" value="Bob"/>
            <entry key="signatureKeyIdentifier" value="DirectReference"/>
            <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.security.KeystorePasswordCallback"/>
            <entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
            <!-- -->
            <!-- Recommendation: signatures should be encrypted -->
            <!-- -->
            <entry key="encryptionParts" value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
            <!-- <entry key="encryptionKeyTransportAlgorithm" value="RSA15"/> -->
            <entry key="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
        </map>
    </constructor-arg>
</bean>

<!-- -->
<!-- This bean is an In interceptor which validates a signed, -->
<!-- encrypted, and timestamped response. -->
<!-- -->
<!-- -->
<bean
    class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
    id="TimestampSignEncrypt_Response">
    <constructor-arg>
        <map>
            <entry key="action" value="Timestamp Signature Encrypt"/>
            <entry key="signaturePropFile" value="org/apache/cxf/systest/ws/security/bob.properties"/>
            <entry key="decryptionPropFile" value="org/apache/cxf/systest/ws/security/alice.properties"/>
            <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.security.KeystorePasswordCallback"/>
        </map>
    </constructor-arg>
</bean>


On Apr 14, 2008, at 2:51 AM, adam_j_bradley wrote:


> Fred,
>
> Thanks for the tip. Forgive me (I'm most likely wrong!) but that looked like
> a Username token not an X.509 token request. I've been digging around in
> http://xfire.codehaus.org/WS-Security but I can't see any wisdom there.
>
> Anything else?
> :)
>
> Sincerely,
> Ada
>
> Fred Dushin-3 wrote:
>
>> All I can recommend is that you have a look at the WS-Security system
>> test in CXF:
>>
>> http://svn.apache.org/repos/asf/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/
>>
>> It's based loosely off a WS-Security interoperability scenario with
>> WCF, and uses signature with the DirectReference method, which will
>> send the client's X.509 certificate directly in the SOAP header.









Re: Q: WS-Security X.509 Certificate Token Profile

2008-04-13 Thread Fred Dushin
All I can recommend is that you have a look at the WS-Security system  
test in CXF:


http://svn.apache.org/repos/asf/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/

It's based loosely off a WS-Security interoperability scenario with  
WCF, and uses signature with the DirectReference method, which will  
send the client's X.509 certificate directly in the SOAP header.


-Fred

On Apr 13, 2008, at 3:59 AM, adam_j_bradley wrote:


> After finally working out the remote web service required the use of the
> WS-Security X.509 Certificate Token Profile (duh!) I've been eagerly trying
> to find a working example.
>
> I have found
> http://www.nabble.com/client-SSL-question-td15564062.html#a15769013 - thanks
> Khaled! - which covers off the use of the USERNAME_TOKEN but
> not the use of an X.509 Certificate. I did a bit of digging around in the
> test cases for both CXF and WSS4J and I'm sure there's an example there, but
> I couldn't find it.
>
> Any help/advice greatly appreciated.
>
> Thanks in advance.
> Adam
--
View this message in context: 
http://www.nabble.com/Q%3A-WS-Security-X.509-Certificate-Token-Profile-tp16656740p16656740.html
Sent from the cxf-user mailing list archive at Nabble.com.
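
An added example, not part of the original thread or of the CXF system tests: a Python check that a WS-Security header has the structure the DirectReference signature setting and the signatureParts entry in this thread describe, namely a KeyInfo that points at an X509v3 BinarySecurityToken in the header and a signature that covers the Timestamp and the Body. The sample message, its Id values and the function name are constructed for illustration; the check is structural only and applies to a message before encryption or after decryption.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"

# Constructed sample message; the certificate is a placeholder and digest and
# signature values are omitted, so this checks structure only, not cryptography.
SAMPLE = f"""<s:Envelope xmlns:s="{SOAP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
 <s:Header><wsse:Security>
  <wsse:BinarySecurityToken wsu:Id="cert-1" ValueType="{X509V3}">PLACEHOLDER</wsse:BinarySecurityToken>
  <wsu:Timestamp wsu:Id="ts-1"><wsu:Created>2008-04-14T00:00:00Z</wsu:Created></wsu:Timestamp>
  <ds:Signature>
   <ds:SignedInfo><ds:Reference URI="#ts-1"/><ds:Reference URI="#body-1"/></ds:SignedInfo>
   <ds:KeyInfo><wsse:SecurityTokenReference>
    <wsse:Reference URI="#cert-1" ValueType="{X509V3}"/>
   </wsse:SecurityTokenReference></ds:KeyInfo>
  </ds:Signature>
 </wsse:Security></s:Header>
 <s:Body wsu:Id="body-1"><ping/></s:Body>
</s:Envelope>"""

def check_direct_reference(xml_text):
    """Return a list of structural problems; an empty list means none found."""
    root = ET.fromstring(xml_text)
    ids = [el.get(f"{{{WSU}}}Id") for el in root.iter() if el.get(f"{{{WSU}}}Id")]
    problems = [f"duplicate wsu:Id {i}" for i in sorted(set(ids)) if ids.count(i) > 1]
    sec = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    sig = sec.find(f"{{{DS}}}Signature") if sec is not None else None
    if sig is None:
        return problems + ["no ds:Signature in wsse:Security"]
    # DirectReference: KeyInfo points by URI at a certificate carried in the header.
    ref = sig.find(f"{{{DS}}}KeyInfo/{{{WSSE}}}SecurityTokenReference/{{{WSSE}}}Reference")
    uri = ref.get("URI", "") if ref is not None else ""
    tokens = [t for t in sec.findall(f"{{{WSSE}}}BinarySecurityToken")
              if uri == "#" + t.get(f"{{{WSU}}}Id", "") and t.get("ValueType") == X509V3]
    if not tokens:
        problems.append("KeyInfo is not a DirectReference to an X509v3 BinarySecurityToken")
    # The elements the receiver will act on must be the ones the signature covers.
    signed = {r.get("URI") for r in sig.iterfind(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")}
    parts = {"Timestamp": sec.find(f"{{{WSU}}}Timestamp"), "Body": root.find(f"{{{SOAP}}}Body")}
    for name, el in parts.items():
        if el is None or "#" + el.get(f"{{{WSU}}}Id", "") not in signed:
            problems.append(f"{name} is not covered by the signature")
    return problems
```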