Indeed, WSS4J/CXF works fine here--it only needed key passwords when working with private keys (signing and decrypting.) My confusion was that our CXF test case had a common Password Callback handler--used by both client and service--which required it to hold both passwords.
Glen

Glen Mazza wrote:
>
> I want to make sure it is unneeded for encryption, but retained for
> signatures.
>
> I'm new at this, but encrypting, from the client's perspective, involves
> working with the public key of the server. That public key is stored in a
> trust store for the client. It should *not* require a callback password
> to obtain the server's public key. As far as I can tell, callbacks for
> key passwords should only be needed when working with private
> keys--basically, when the client is signing the SOAP message with its own
> private key.
>
> Thanks,
> Glen
>
>
> Fred Dushin-4 wrote:
>>
>> Okay, maybe I misunderstood your question, then.
>>
>> If you have to encrypt, then why are you trying to remove the callback?
>>
>> On Jul 24, 2008, at 11:10 PM, Glen Mazza wrote:
>>
>>>
>>> No, my goal is Sig/Encrypt/Timestamp. Anyway, I'll continue coding it, and
>>> let you know if it turns out that WSS4J is asking for a key (not keystore)
>>> password to obtain a public certificate in a truststore. I don't think it
>>> will though.
>>>
>>> Thanks,
>>> Glen
>>>
>>>
>>> Fred Dushin-4 wrote:
>>>>
>>>> Are you sure a callback is needed if your action is only Signature
>>>> (and Timestamp)? Y/Our client.xml [1] has Encrypt as an action.
>>>>
>>>> You should not need a callback for signature only, I'm pretty sure,
>>>> though my experience has been writing against lower-level WSS4J APIs.
>>>>
>>>> Sorry, should be reading the CXF lists more closely...
>>>>
>>>> -Fred
>>>>
>>>> [1]
>>>> http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/client.xml?revision=679390&view=markup
>>>>
>>>> On Jul 24, 2008, at 5:53 PM, Glen Mazza wrote:
>>>>
>>>>>
>>>>> Hello, I asked this question this morning on the CXF list--no response--but
>>>>> since it seems to be at least as much WSS4J related as CXF-related, I was
>>>>> wondering if anybody here could answer it:
>>>>>
>>>>> http://www.nabble.com/KeystorePasswordCallback-in-CXF%27s-WS-Security-sample-tc18631505.html
>>>>>
>>>>> Thanks,
>>>>> Glen
>>>>> --
>>>>> View this message in context:
>>>>> http://www.nabble.com/Does-WSS4J-need-key-passwords-to-read-public-keys-from-a-truststore--tp18641318p18641318.html
>>>>> Sent from the WSS4J mailing list archive at Nabble.com.
>>>
>>> --
>>> View this message in context:
>>> http://www.nabble.com/Does-WSS4J-need-key-passwords-to-read-public-keys-from-a-truststore--tp18641318p18644439.html
>>> Sent from the WSS4J mailing list archive at Nabble.com.

--
View this message in context: http://www.nabble.com/Does-WSS4J-need-key-passwords-to-read-public-keys-from-a-truststore--tp18641318p18689211.html
Sent from the WSS4J mailing list archive at Nabble.com.
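
The split the thread arrives at, shown as an added example that is not code from the thread, CXF or WSS4J: each party gets its own callback handler holding only its own private-key password, and any other request is rejected. It assumes WSS4J 1.5.x on the classpath (package `org.apache.ws.security`); the class name, the aliases `clientkey` and `servicekey`, and the `CLIENT_KEY_PASSWORD` variable are hypothetical.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

/** Supplies the key password for exactly one private-key alias. */
public class PrivateKeyPasswordCallback implements CallbackHandler {
    private final String alias;       // hypothetical alias of this party's own private key
    private final String keyPassword; // key password, not the keystore password

    public PrivateKeyPasswordCallback(String alias, String keyPassword) {
        this.alias = alias;
        this.keyPassword = keyPassword;
    }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "unexpected callback type");
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            int usage = pc.getUsage();
            // Only private-key operations (signing, decrypting) need a key password.
            boolean privateKeyUse = usage == WSPasswordCallback.SIGNATURE
                    || usage == WSPasswordCallback.DECRYPT;
            // getIdentifer() is the method name as spelled in WSS4J 1.5.x.
            if (!privateKeyUse || !alias.equals(pc.getIdentifer())) {
                throw new UnsupportedCallbackException(cb,
                        "no key password held for usage " + usage);
            }
            pc.setPassword(keyPassword);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the client handler knows only the client's key password.
        CallbackHandler client = new PrivateKeyPasswordCallback(
                "clientkey", System.getenv("CLIENT_KEY_PASSWORD"));
        client.handle(new Callback[] {
            new WSPasswordCallback("clientkey", WSPasswordCallback.SIGNATURE) });
        try {
            // A request for the service's key must fail on the client side.
            client.handle(new Callback[] {
                new WSPasswordCallback("servicekey", WSPasswordCallback.DECRYPT) });
        } catch (UnsupportedCallbackException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```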
