I'd say the easiest way is to create your own Crypto instance based on CertificateStore, and instantiate that directly in your crypto.properties. That way you don't need to change anything in CXF itself.
Colm.

On Thu, May 23, 2013 at 2:01 PM, Ted Roeloffzen <[email protected]> wrote:

> We have the certificates stored in a DB.
> So in the interceptor I load the certificate, put it in a certificate
> store and add the certificate store as Crypto object for the signature.
> Is this the correct way or can't I use this in an interceptor or does the
> interceptor have to have a different phase?
>
> kind regards,
>
> Ted
>
>
> 2013/5/23 Ted Roeloffzen <[email protected]>
>
>> Okay thanks.
>>
>> Correct me if I'm wrong, but the only thing I have to do is add the
>> interceptor that sets the correct certificate?
>>
>> kind regards,
>>
>> Ted
>>
>>
>> 2013/5/23 Colm O hEigeartaigh <[email protected]>
>>
>>> You are using the older "Action" style configuration with
>>> WS-SecurityPolicy, which doesn't work. With WS-SecurityPolicy you don't
>>> tell it what security actions to perform, as the policy already contains
>>> all of this information. You just need to let it know the correct
>>> credentials for signing/encryption etc.
>>>
>>> See here for some information about configuration:
>>>
>>> http://cxf.apache.org/docs/ws-securitypolicy.html
>>>
>>> Colm.
>>>
>>>
>>> On Thu, May 23, 2013 at 10:34 AM, Ted Roeloffzen
>>> <[email protected]> wrote:
>>>
>>> > Hello all,
>>> >
>>> > I'm having a little difficulty setting up my client-webservice with the
>>> > correct settings.
>>> > This is the main part of the WSDL that I have to comply with.
>>> >
>>> > <wsp:Policy wsu:Id="">
>>> >   <wsp:ExactlyOne>
>>> >     <wsp:All>
>>> >       <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> >         <wsp:Policy>
>>> >           <sp:InitiatorToken>
>>> >             <wsp:Policy>
>>> >               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>> >                 <wsp:Policy>
>>> >                   <sp:RequireThumbprintReference/>
>>> >                   <sp:WssX509V3Token10/>
>>> >                 </wsp:Policy>
>>> >               </sp:X509Token>
>>> >             </wsp:Policy>
>>> >           </sp:InitiatorToken>
>>> >           <sp:RecipientToken>
>>> >             <wsp:Policy>
>>> >               <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToInitiator">
>>> >                 <wsp:Policy>
>>> >                   <sp:RequireThumbprintReference/>
>>> >                   <sp:WssX509V3Token10/>
>>> >                 </wsp:Policy>
>>> >               </sp:X509Token>
>>> >             </wsp:Policy>
>>> >           </sp:RecipientToken>
>>> >           <sp:AlgorithmSuite>
>>> >             <wsp:Policy>
>>> >               <sp:Basic256Sha256Rsa15/>
>>> >             </wsp:Policy>
>>> >           </sp:AlgorithmSuite>
>>> >           <sp:Layout>
>>> >             <wsp:Policy>
>>> >               <sp:Lax/>
>>> >             </wsp:Policy>
>>> >           </sp:Layout>
>>> >           <sp:IncludeTimestamp/>
>>> >           <sp:OnlySignEntireHeadersAndBody/>
>>> >         </wsp:Policy>
>>> >       </sp:AsymmetricBinding>
>>> >     </wsp:All>
>>> >   </wsp:ExactlyOne>
>>> > </wsp:Policy>
>>> > <wsp:Policy wsu:Id="">
>>> >   <wsp:ExactlyOne>
>>> >     <wsp:All>
>>> >       <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> >         <sp:Body/>
>>> >       </sp:SignedParts>
>>> >     </wsp:All>
>>> >   </wsp:ExactlyOne>
>>> > </wsp:Policy>
>>> >
>>> > I have deleted the IDs, for the sake of our client.
>>> >
>>> > The problem is that I'm unable to set up the correct token inclusion and
>>> > so on.
>>> > I can't seem to figure out which parameters have to be set with CXF.
>>> > Since we don't use Spring, I have to configure everything through the API.
>>> >
>>> >
>>> > This is what I have so far.
>>> >
>>> > Map<String, Object> outProps = new HashMap<String, Object>();
>>> > outProps.put(WSHandlerConstants.ACTION,
>>> >     WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE);
>>> > outProps.put(WSHandlerConstants.SIG_ALGO,
>>> >     "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
>>> > outProps.put(WSHandlerConstants.SIG_DIGEST_ALGO,
>>> >     "http://www.w3.org/2001/04/xmlenc#sha256");
>>> >
>>> > WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
>>> > client.getOutInterceptors().add(wssOut);
>>> >
>>> > And I'm adding a custom Interceptor that does this in the handleMessage
>>> > at the Pre_logical phase
>>> >
>>> > X509Certificate[] certificates = {holder.getCertificate()};
>>> > CertificateStore store = new CertificateStore(certificates);
>>> >
>>> > message.put(SecurityConstants.SIGNATURE_CRYPTO, store);
>>> >
>>> > Can one of you point me in the right direction?
>>> >
>>> > kind regards,
>>> >
>>> > Ted
>>> >
>>>
>>>
>>>
>>> --
>>> Colm O hEigeartaigh
>>>
>>> Talend Community Coder
>>> http://coders.talend.com
>>>
>>
>>
>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
