It's required to configure a Crypto instance used for signature + to
retrieve certificates. See the "Signing" section here for more information:

http://cxf.apache.org/docs/ws-security.html

Colm.


On Thu, May 23, 2013 at 7:37 PM, Ted Roeloffzen <[email protected]> wrote:

> At this moment I don't have a crypto.properties.
> Is the existence of that file mandatory and what kind of properties are
> required?
>
> Ted
>
>
> 2013/5/23 Colm O hEigeartaigh <[email protected]>
>
> > I'd say the easiest way is to create your own Crypto instance based on
> > CertificateStore, and instantiate that directly in your crypto.properties.
> > That way you don't need to change anything in CXF itself.
> >
> > Colm.
> >
> >
> > On Thu, May 23, 2013 at 2:01 PM, Ted Roeloffzen <[email protected]> wrote:
> >
> > > We have the certificates stored in a DB.
> > > So in the interceptor I load the certificate, put it in a certificate
> > > store and add the certificate store as Crypto object for the signature.
> > > Is this the correct way or can't I use this in an interceptor or does the
> > > interceptor have to have a different phase?
> > >
> > > kind regards,
> > >
> > > Ted
> > >
> > >
> > > 2013/5/23 Ted Roeloffzen <[email protected]>
> > >
> > >> Okay thanks.
> > >>
> > >> Correct me if I'm wrong, but the only thing I have to do is add the
> > >> interceptor that sets the correct certificate?
> > >>
> > >> kind regards,
> > >>
> > >> Ted
> > >>
> > >>
> > >> 2013/5/23 Colm O hEigeartaigh <[email protected]>
> > >>
> > >>> You are using the older "Action" style configuration with
> > >>> WS-SecurityPolicy, which doesn't work. With WS-SecurityPolicy you don't
> > >>> tell it what security actions to perform, as the policy already contains
> > >>> all of this information. You just need to let it know the correct
> > >>> credentials for signing/encryption etc.
> > >>>
> > >>> See here for some information about configuration:
> > >>>
> > >>> http://cxf.apache.org/docs/ws-securitypolicy.html
> > >>>
> > >>> Colm.
> > >>>
> > >>>
> > >>> On Thu, May 23, 2013 at 10:34 AM, Ted Roeloffzen <[email protected]> wrote:
> > >>>
> > >>> > Hello all,
> > >>> >
> > >>> > I'm having a little difficulty setting up my client-webservice with the
> > >>> > correct settings.
> > >>> > This is the main part of the WSDL that I have to comply with.
> > >>> >
> > >>> >     <wsp:Policy wsu:Id="">
> > >>> >         <wsp:ExactlyOne>
> > >>> >             <wsp:All>
> > >>> >                 <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > >>> >                     <wsp:Policy>
> > >>> >                         <sp:InitiatorToken>
> > >>> >                             <wsp:Policy>
> > >>> >                                 <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> > >>> >                                     <wsp:Policy>
> > >>> >                                         <sp:RequireThumbprintReference/>
> > >>> >                                         <sp:WssX509V3Token10/>
> > >>> >                                     </wsp:Policy>
> > >>> >                                 </sp:X509Token>
> > >>> >                             </wsp:Policy>
> > >>> >                         </sp:InitiatorToken>
> > >>> >                         <sp:RecipientToken>
> > >>> >                             <wsp:Policy>
> > >>> >                                 <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToInitiator">
> > >>> >                                     <wsp:Policy>
> > >>> >                                         <sp:RequireThumbprintReference/>
> > >>> >                                         <sp:WssX509V3Token10/>
> > >>> >                                     </wsp:Policy>
> > >>> >                                 </sp:X509Token>
> > >>> >                             </wsp:Policy>
> > >>> >                         </sp:RecipientToken>
> > >>> >                         <sp:AlgorithmSuite>
> > >>> >                             <wsp:Policy>
> > >>> >                                 <sp:Basic256Sha256Rsa15/>
> > >>> >                             </wsp:Policy>
> > >>> >                         </sp:AlgorithmSuite>
> > >>> >                         <sp:Layout>
> > >>> >                             <wsp:Policy>
> > >>> >                                 <sp:Lax/>
> > >>> >                             </wsp:Policy>
> > >>> >                         </sp:Layout>
> > >>> >                         <sp:IncludeTimestamp/>
> > >>> >                         <sp:OnlySignEntireHeadersAndBody/>
> > >>> >                     </wsp:Policy>
> > >>> >                 </sp:AsymmetricBinding>
> > >>> >             </wsp:All>
> > >>> >         </wsp:ExactlyOne>
> > >>> >     </wsp:Policy>
> > >>> >     <wsp:Policy wsu:Id="">
> > >>> >         <wsp:ExactlyOne>
> > >>> >             <wsp:All>
> > >>> >                 <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > >>> >                     <sp:Body/>
> > >>> >                 </sp:SignedParts>
> > >>> >             </wsp:All>
> > >>> >         </wsp:ExactlyOne>
> > >>> >     </wsp:Policy>
> > >>> >
> > >>> > I have deleted the IDs, for the sake of our client.
> > >>> >
> > >>> > The problem is that I'm unable to set up the correct token inclusion and so
> > >>> > on.
> > >>> > I can't seem to figure out which parameters have to be set with CXF.
> > >>> > Since we don't use Spring, I have to configure everything through the API.
> > >>> >
> > >>> >
> > >>> > This is what I have so far.
> > >>> > Map<String, Object> outProps = new HashMap<String, Object>();
> > >>> >         outProps.put(WSHandlerConstants.ACTION,
> > >>> >             WSHandlerConstants.TIMESTAMP + " " + WSHandlerConstants.SIGNATURE);
> > >>> >         outProps.put(WSHandlerConstants.SIG_ALGO,
> > >>> >             "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
> > >>> >         outProps.put(WSHandlerConstants.SIG_DIGEST_ALGO,
> > >>> >             "http://www.w3.org/2001/04/xmlenc#sha256");
> > >>> >
> > >>> >         WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor(outProps);
> > >>> >         client.getOutInterceptors().add(wssOut);
> > >>> >
> > >>> > And I'm adding a custom Interceptor that does this in the handleMessage at
> > >>> > the Pre_logical phase
> > >>> >
> > >>> > X509Certificate[] certificates = {holder.getCertificate()};
> > >>> >         CertificateStore store = new CertificateStore(certificates);
> > >>> >
> > >>> >         message.put(SecurityConstants.SIGNATURE_CRYPTO, store);
> > >>> >
> > >>> > Can one of you point me in the right direction?
> > >>> >
> > >>> > kind regards,
> > >>> >
> > >>> > Ted
> > >>> >
> > >>>
> > >>>
> > >>>
> > >>> --
> > >>> Colm O hEigeartaigh
> > >>>
> > >>> Talend Community Coder
> > >>> http://coders.talend.com
> > >>>
> > >>
> > >>
> > >
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
