It's <entry key="encryptionUser" value="useReqSigCert"/>.
Regards, Sebastian. On Fri, Mar 5, 2010 at 3:01 PM, Sebastian Krueger <[email protected]>wrote: > Hi guys, > > I'm currently developing a secure webservices scenario using Apache > CXF/WSS4J. > > We require all messages to be signed and encrypted. This includes both > messages to and from the server. > > I have gone through all the WS-Security examples in the Apache CXF Samples > directory and have been able to get most of this > functionality going. However, I can't seem to figure out how to encrypt > messages going back to the client, using the public certificate > that is provided in the inbound message's SOAP Header. > > To expand on this, the following is how it should work: > > 1. Client uses private key to generate signature and puts their public > certificate into the SOAP Header > 2. Client uses server's public key to encrypt message > 3. Client sends message to server > > 4. Server decrypts message with server's private key > 5. Server extracts clients public certificate from SOAP Header and verifies > validity with CA's public key > 6. Server uses clients public certificate from SOAP Header to verify > signature > > 7. Server generates response message > > 8. Server uses private key to generate signature and puts their public > certificate into the SOAP Header > 9. Server uses clients public certificate (from inbound SOAP Header) to > encrypt the signed message > 10. Server sends message client > > 11. Client decrypts message with their private key > 12. Client extracts server's public certificate from SOAP Header and > verifies validity with CA's public key > 13. Client uses signing certificate from SOAP Header to verify signature > > I have got most of this already working. > > However, how to do step 9 is not clear to me and I am seeking some advice > on how to do this. > > My existing implementation uses the following applicationContext.xml files: > > Client: http://pastebin.com/DQJadG7p > > Server: http://pastebin.com/cu3gVxSu > > Thanks for your help! > > Regards, sebastian.
