Posted to users@cxf.apache.org by Nícolas Fontenele <nf...@cpqi.com> on 2012/08/28 19:20:25 UTC
Using cxf with X509v3 certificates
Hi all,
I'm developing a client service to consume a .NET service with an X509v3
certificate using WS-Security.
The Service uses symmetric binding, with
includeToken=prefix/AlwaysToRecipient and a <sp:ProtectionToken>.
I have two certificates, a *.pfx file and *.cer which I have to use to
access.
My wsdl is attached.
My question is: does CXF support this configuration?
Best Regards,
Nícolas Fontenele
RE: Using cxf with X509v3 certificates
Posted by Nícolas Fontenele <nf...@cpqi.com>.
Thanks Glen.
Yes, I tried not to mix WSS4J and WS-SecurityPolicy; I configured the WSS4J properties
just like in the link you sent me, which is why I wonder if it really supports this
certificate version.
If I set only WSS4J properties, I get an exception saying "No signature
token", so I put an empty SecurityToken in the request context and I see
that my WSS4J properties are read, but after that I get a null pointer exception
because the token doesn't have anything inside.
If somebody knows what configuration I should use, it would be nice to know.
Thanks!
-----Original Message-----
From: Glen Mazza [mailto:gmazza@talend.com]
Sent: Tuesday, 28 August 2012 15:21
To: users@cxf.apache.org
Subject: Re: Using cxf with X509v3 certificates
The two articles here at link #14 might help:
http://www.jroller.com/gmazza/entry/blog_article_index
Make sure you're not mixing up the WSS4J and WS-SecurityPolicy methods; if
you're using the latter, don't configure like the former.
Glen
On 08/28/2012 01:20 PM, Nícolas Fontenele wrote:
>
> Hi all,
>
> I'm developing a client service to consume a .NET service with an X509v3
> certificate using WS-Security.
>
> The Service uses symmetric binding, with
> includeToken="prefix/AlwaysToRecipient" and a <sp:ProtectionToken>.
>
> I have two certificates, a *.pfx file and *.cer which I have to use to
> access.
>
> My wsdl is attached.
>
> My question is: does CXF support this configuration?
>
> Best Regards,
>
> *Nícolas Fontenele*
>
Re: Using cxf with X509v3 certificates
Posted by Glen Mazza <gm...@talend.com>.
The two articles here at link #14 might help:
http://www.jroller.com/gmazza/entry/blog_article_index
Make sure you're not mixing up the WSS4J and WS-SecurityPolicy methods;
if you're using the latter, don't configure like the former.
Glen
On 08/28/2012 01:20 PM, Nícolas Fontenele wrote:
>
> Hi all,
>
> I'm developing a client service to consume a .NET service with an X509v3
> certificate using WS-Security.
>
> The Service uses symmetric binding, with
> includeToken="prefix/AlwaysToRecipient" and a <sp:ProtectionToken>.
>
> I have two certificates, a *.pfx file and *.cer which I have to use to
> access.
>
> My wsdl is attached.
>
> My question is: does CXF support this configuration?
>
> Best Regards,
>
> *Nícolas Fontenele*
>
Re: Using cxf with X509v3 certificates
Posted by Glen Mazza <gm...@talend.com>.
The blog entry I had given you earlier in this thread should cover your
needs. I don't know how to implement it the way you're envisioning it
should be implemented, but perhaps others can help you in that regard.
Glen
On 08/29/2012 04:19 PM, Nícolas Fontenele wrote:
> Thanks Glen, do you know of any examples using WS-SecPol only?
> What I did is set some properties in the request context that I saw in the
> documentation http://cxf.apache.org/docs/ws-securitypolicy.html .
> Funny thing is that CXF asks for this property below:
>
> Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
>
> ctx.put("ws-security.token", new SecurityToken());
>
> which isn't written in the documentation. Do you have any idea which token
> I should put there?
>
> Best Regards,
>
> Nícolas Fontenele
>
>
> -----Original Message-----
> From: Glen Mazza [mailto:gmazza@talend.com]
> Sent: Tuesday, 28 August 2012 16:43
> To: users@cxf.apache.org
> Subject: Re: Using cxf with X509v3 certificates
>
> From your earlier email you're using WS-SecurityPolicy in your WSDL, so you
> shouldn't be using the WSS4J Out/In interceptors--that's strictly for
> non-WS-SecPol use.
>
> Glen
>
> On 08/28/2012 03:28 PM, Nícolas Fontenele wrote:
>> I'm also adding my code here.
>> Thanks!!
>>
>> import java.net.MalformedURLException;
>> import java.net.URL;
>> import java.util.HashMap;
>> import java.util.Map;
>>
>> import javax.xml.ws.BindingProvider;
>>
>> import org.apache.cxf.frontend.ClientProxy;
>> import org.apache.cxf.ws.security.tokenstore.SecurityToken;
>> import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
>> import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
>> import org.apache.ws.security.handler.WSHandlerConstants;
>>
>> // SecGtwService and ISecGtwServiceContract are the classes wsdl2java generates from
>> // the WSDL below; ClientPasswordCallback is the poster's own CallbackHandler (not shown).
>> public class Client {
>>
>>     private static final String WSU_NS =
>>         "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>>
>>     public static void main(String[] args) {
>>         try {
>>             // 02c6b75f-5fc8-4c05-a79f-78fa1ded10e1
>>             WSS4JOutInterceptor wssOut = createOutProperties();
>>             WSS4JInInterceptor wssIn = createInProperties();
>>
>>             SecGtwService service = new SecGtwService(new URL(
>>                 "http://nrio083fcom.develop.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?wsdl"));
>>             ISecGtwServiceContract port = service.getCertificateEndPoint();
>>
>>             // WSS4J interceptors added by hand, even though the WSDL already carries
>>             // WS-SecurityPolicy (the mix Glen and Colm warn about in this thread).
>>             org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
>>             client.getInInterceptors().add(wssIn);
>>             client.getOutInterceptors().add(wssOut);
>>
>>             Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
>>             // Empty token, put here only to get past the "No signature token" error.
>>             ctx.put("ws-security.token", new SecurityToken());
>>             System.out.println(port.whoIAm());
>>         } catch (MalformedURLException e) {
>>             e.printStackTrace();
>>         }
>>     }
>>
>>     // Inbound side: verify the signature and decrypt the response using the
>>     // same crypto property files.
>>     private static WSS4JInInterceptor createInProperties() {
>>         Map<String, Object> inProps = new HashMap<String, Object>();
>>         inProps.put(WSHandlerConstants.ACTION,
>>             "UsernameToken Timestamp Signature Encrypt");
>>         inProps.put("passwordType", "PasswordText");
>>         inProps.put("passwordCallbackClass", ClientPasswordCallback.class.getName());
>>         inProps.put("decryptionPropFile", "etc/client_enc.properties");
>>         inProps.put("encryptionKeyIdentifier", "IssuerSerial");
>>         inProps.put("signaturePropFile", "etc/client_sign.properties");
>>         inProps.put("signatureKeyIdentifier", "DirectReference");
>>         return new WSS4JInInterceptor(inProps);
>>     }
>>
>>     // Outbound side: UsernameToken + Timestamp, sign Timestamp and Body, then
>>     // encrypt the Timestamp element and the Body content for user "pub".
>>     private static WSS4JOutInterceptor createOutProperties() {
>>         Map<String, Object> outProps = new HashMap<String, Object>();
>>         outProps.put(WSHandlerConstants.ACTION,
>>             "UsernameToken Timestamp Signature Encrypt");
>>         outProps.put("passwordType", "PasswordDigest");
>>         outProps.put(WSHandlerConstants.USER, "02c6b75f-5fc8-4c05-a79f-78fa1ded10e1");
>>         outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
>>             ClientPasswordCallback.class.getName());
>>
>>         outProps.put("encryptionUser", "pub");
>>         outProps.put(WSHandlerConstants.ENC_PROP_FILE, "etc/client_enc.properties");
>>         outProps.put("encryptionKeyIdentifier", "IssuerSerial");
>>         outProps.put("encryptionParts", "{Element}{" + WSU_NS + "}Timestamp;"
>>             + "{Content}{http://www.w3.org/2003/05/soap-envelope}Body");
>>
>>         outProps.put(WSHandlerConstants.SIG_PROP_FILE, "etc/client_sign.properties");
>>         outProps.put("signatureKeyIdentifier", "DirectReference");
>>         outProps.put("signatureParts", "{Element}{" + WSU_NS + "}Timestamp;"
>>             + "{Element}{http://www.w3.org/2003/05/soap-envelope}Body");
>>         return new WSS4JOutInterceptor(outProps);
>>     }
>> }
>>
>> -----Original Message-----
>> From: Nícolas Fontenele [mailto:nfrota@cpqi.com]
>> Sent: Tuesday, 28 August 2012 15:11
>> To: users@cxf.apache.org; coheigea@apache.org
>> Subject: RE: Using cxf with X509v3 certificates
>>
>> Thanks for the answer, I'll paste the WSDL here.
>> What I have been trying is to use the WSS4J interceptors as I can see in some
>> examples.
>> I imported both certificates into my keystore and I can see, debugging,
>> that the password handler gets the keys from it.
>> My problem right now is that CXF is expecting an initial token (of
>> class SecurityToken) in the request context property
>> "ws-security.token". I saw it debugging.
>> Is it correct to use this property?
>> I saw in the WS-Security samples that they only set properties on the
>> interceptors and not in the request context of the client.
>> And if this behavior is correct, how can I create this token? Should
>> I use another property?
>>
>> The WSDL is below, any idea?
>> Thanks!
>>
>> <?xml version="1.0" encoding="utf-8"?> <wsdl:definitions
>> xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
>> xmlns:wsa10="http://www.w3.org/2005/08/addressing"
>> xmlns:tns="http://tempuri.org/"
>> xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract"
>> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
>> xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>> xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
>> xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
>> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
>> xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
>> xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> name="SecGtwService" targetNamespace="http://tempuri.org/"
>> xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
>> <wsp:Policy wsu:Id="CertificateEndPoint_policy">
>> <wsp:ExactlyOne>
>> <wsp:All>
>> <sp:SymmetricBinding
>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> <wsp:Policy>
>> <sp:ProtectionToken>
>> <wsp:Policy>
>> <sp:SecureConversationToken
>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>> <wsp:Policy>
>> <sp:RequireDerivedKeys />
>> <sp:BootstrapPolicy>
>> <wsp:Policy>
>> <sp:SignedParts>
>> <sp:Body />
>> <sp:Header Name="To"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="From"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="FaultTo"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="ReplyTo"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="MessageID"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="RelatesTo"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="Action"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> </sp:SignedParts>
>> <sp:EncryptedParts>
>> <sp:Body />
>> </sp:EncryptedParts>
>> <sp:SymmetricBinding>
>> <wsp:Policy>
>> <sp:ProtectionToken>
>> <wsp:Policy>
>> <mssp:SslContextToken
>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
>> xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy">
>> <wsp:Policy>
>> <sp:RequireDerivedKeys />
>> <mssp:RequireClientCertificate />
>> </wsp:Policy>
>> </mssp:SslContextToken>
>> </wsp:Policy>
>> </sp:ProtectionToken>
>> <sp:AlgorithmSuite>
>> <wsp:Policy>
>> <sp:Basic256 />
>> </wsp:Policy>
>> </sp:AlgorithmSuite>
>> <sp:Layout>
>> <wsp:Policy>
>> <sp:Strict />
>> </wsp:Policy>
>> </sp:Layout>
>> <sp:IncludeTimestamp />
>> <sp:EncryptSignature />
>> <sp:OnlySignEntireHeadersAndBody />
>> </wsp:Policy>
>> </sp:SymmetricBinding>
>> <sp:Wss11>
>> <wsp:Policy />
>> </sp:Wss11>
>> <sp:Trust10>
>> <wsp:Policy>
>> <sp:MustSupportIssuedTokens />
>> <sp:RequireClientEntropy />
>> <sp:RequireServerEntropy />
>> </wsp:Policy>
>> </sp:Trust10>
>> </wsp:Policy>
>> </sp:BootstrapPolicy>
>> </wsp:Policy>
>> </sp:SecureConversationToken>
>> </wsp:Policy>
>> </sp:ProtectionToken>
>> <sp:AlgorithmSuite>
>> <wsp:Policy>
>> <sp:Basic256 />
>> </wsp:Policy>
>> </sp:AlgorithmSuite>
>> <sp:Layout>
>> <wsp:Policy>
>> <sp:Strict />
>> </wsp:Policy>
>> </sp:Layout>
>> <sp:IncludeTimestamp />
>> <sp:EncryptSignature />
>> <sp:OnlySignEntireHeadersAndBody />
>> </wsp:Policy>
>> </sp:SymmetricBinding>
>> <sp:Wss11
>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> <wsp:Policy />
>> </sp:Wss11>
>> <sp:Trust10
>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> <wsp:Policy>
>> <sp:MustSupportIssuedTokens />
>> <sp:RequireClientEntropy />
>> <sp:RequireServerEntropy />
>> </wsp:Policy>
>> </sp:Trust10>
>> <wsaw:UsingAddressing />
>> </wsp:All>
>> </wsp:ExactlyOne>
>> </wsp:Policy>
>> <wsp:Policy wsu:Id="CertificateEndPoint_AuthenticateService_Input_policy">
>> <wsp:ExactlyOne>
>> <wsp:All>
>> <sp:SignedParts
>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> <sp:Body />
>> <sp:Header Name="To"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="From"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="FaultTo"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="ReplyTo"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="MessageID"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="RelatesTo"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="Action"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> </sp:SignedParts>
>> <sp:EncryptedParts
>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> <sp:Body />
>> </sp:EncryptedParts>
>> </wsp:All>
>> </wsp:ExactlyOne>
>> </wsp:Policy>
>> <wsp:Policy
>> wsu:Id="CertificateEndPoint_AuthenticateService_output_policy">
>> <wsp:ExactlyOne>
>> <wsp:All>
>> <sp:SignedParts
>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> <sp:Body />
>> <sp:Header Name="To"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="From"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="FaultTo"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="ReplyTo"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="MessageID"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="RelatesTo"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="Action"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> </sp:SignedParts>
>> <sp:EncryptedParts
>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> <sp:Body />
>> </sp:EncryptedParts>
>> </wsp:All>
>> </wsp:ExactlyOne>
>> </wsp:Policy>
>> <wsp:Policy
>> wsu:Id="CertificateEndPoint_ValidadeTokenService_Input_policy">
>> <wsp:ExactlyOne>
>> <wsp:All>
>> <sp:SignedParts
>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> <sp:Body />
>> <sp:Header Name="To"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="From"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="FaultTo"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="ReplyTo"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="MessageID"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="RelatesTo"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="Action"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> </sp:SignedParts>
>> <sp:EncryptedParts
>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> <sp:Body />
>> </sp:EncryptedParts>
>> </wsp:All>
>> </wsp:ExactlyOne>
>> </wsp:Policy>
>> <wsp:Policy
>> wsu:Id="CertificateEndPoint_ValidadeTokenService_output_policy">
>> <wsp:ExactlyOne>
>> <wsp:All>
>> <sp:SignedParts
>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> <sp:Body />
>> <sp:Header Name="To"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="From"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="FaultTo"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="ReplyTo"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="MessageID"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="RelatesTo"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="Action"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> </sp:SignedParts>
>> <sp:EncryptedParts
>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> <sp:Body />
>> </sp:EncryptedParts>
>> </wsp:All>
>> </wsp:ExactlyOne>
>> </wsp:Policy>
>> <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_Input_policy">
>> <wsp:ExactlyOne>
>> <wsp:All>
>> <sp:SignedParts
>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> <sp:Body />
>> <sp:Header Name="To"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="From"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="FaultTo"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="ReplyTo"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="MessageID"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="RelatesTo"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="Action"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> </sp:SignedParts>
>> <sp:EncryptedParts
>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> <sp:Body />
>> </sp:EncryptedParts>
>> </wsp:All>
>> </wsp:ExactlyOne>
>> </wsp:Policy>
>> <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_output_policy">
>> <wsp:ExactlyOne>
>> <wsp:All>
>> <sp:SignedParts
>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> <sp:Body />
>> <sp:Header Name="To"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="From"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="FaultTo"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="ReplyTo"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="MessageID"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="RelatesTo"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> <sp:Header Name="Action"
>> Namespace="http://www.w3.org/2005/08/addressing" />
>> </sp:SignedParts>
>> <sp:EncryptedParts
>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>> <sp:Body />
>> </sp:EncryptedParts>
>> </wsp:All>
>> </wsp:ExactlyOne>
>> </wsp:Policy>
>> <wsdl:types>
>> <xsd:schema targetNamespace="http://tempuri.org/Imports">
>> <xsd:import
>> schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd0"
>> namespace="http://tempuri.org/" />
>> <xsd:import
>> schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd1"
>> namespace="http://schemas.microsoft.com/2003/10/Serialization/" />
>> <xsd:import
>> schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd2"
>> namespace="http://schemas.datacontract.org/2004/07/Pactual.SecureGateway.Services.Contracts" />
>> </xsd:schema>
>> </wsdl:types>
>> <wsdl:message
>> name="ISecGtwServiceContract_AuthenticateService_InputMessage">
>> <wsdl:part name="parameters" element="tns:AuthenticateService" />
>> </wsdl:message>
>> <wsdl:message
>> name="ISecGtwServiceContract_AuthenticateService_OutputMessage">
>> <wsdl:part name="parameters" element="tns:AuthenticateServiceResponse" />
>> </wsdl:message>
>> <wsdl:message
>> name="ISecGtwServiceContract_ValidadeTokenService_InputMessage">
>> <wsdl:part name="parameters" element="tns:ValidadeTokenService" />
>> </wsdl:message>
>> <wsdl:message
>> name="ISecGtwServiceContract_ValidadeTokenService_OutputMessage">
>> <wsdl:part name="parameters" element="tns:ValidadeTokenServiceResponse" />
>> </wsdl:message>
>> <wsdl:message name="ISecGtwServiceContract_WhoIAm_InputMessage">
>> <wsdl:part name="parameters" element="tns:WhoIAm" />
>> </wsdl:message>
>> <wsdl:message name="ISecGtwServiceContract_WhoIAm_OutputMessage">
>> <wsdl:part name="parameters" element="tns:WhoIAmResponse" />
>> </wsdl:message>
>> <wsdl:portType name="ISecGtwServiceContract">
>> <wsdl:operation name="AuthenticateService">
>> <wsdl:input
>> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
>> message="tns:ISecGtwServiceContract_AuthenticateService_InputMessage" />
>> <wsdl:output
>> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateServiceResponse"
>> message="tns:ISecGtwServiceContract_AuthenticateService_OutputMessage" />
>> </wsdl:operation>
>> <wsdl:operation name="ValidadeTokenService">
>> <wsdl:input
>> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
>> message="tns:ISecGtwServiceContract_ValidadeTokenService_InputMessage" />
>> <wsdl:output
>> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenServiceResponse"
>> message="tns:ISecGtwServiceContract_ValidadeTokenService_OutputMessage" />
>> </wsdl:operation>
>> <wsdl:operation name="WhoIAm">
>> <wsdl:input
>> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
>> message="tns:ISecGtwServiceContract_WhoIAm_InputMessage" />
>> <wsdl:output
>> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAmResponse"
>> message="tns:ISecGtwServiceContract_WhoIAm_OutputMessage" />
>> </wsdl:operation>
>> </wsdl:portType>
>> <wsdl:binding name="CertificateEndPoint"
>> type="tns:ISecGtwServiceContract">
>> <wsp:PolicyReference URI="#CertificateEndPoint_policy" />
>> <soap12:binding transport="http://schemas.xmlsoap.org/soap/http" />
>> <wsdl:operation name="AuthenticateService">
>> <soap12:operation
>> soapAction="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
>> style="document" />
>> <wsdl:input>
>> <wsp:PolicyReference
>> URI="#CertificateEndPoint_AuthenticateService_Input_policy" />
>> <soap12:body use="literal" />
>> </wsdl:input>
>> <wsdl:output>
>> <wsp:PolicyReference
>> URI="#CertificateEndPoint_AuthenticateService_output_policy" />
>> <soap12:body use="literal" />
>> </wsdl:output>
>> </wsdl:operation>
>> <wsdl:operation name="ValidadeTokenService">
>> <soap12:operation
>> soapAction="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
>> style="document" />
>> <wsdl:input>
>> <wsp:PolicyReference
>> URI="#CertificateEndPoint_ValidadeTokenService_Input_policy" />
>> <soap12:body use="literal" />
>> </wsdl:input>
>> <wsdl:output>
>> <wsp:PolicyReference
>> URI="#CertificateEndPoint_ValidadeTokenService_output_policy" />
>> <soap12:body use="literal" />
>> </wsdl:output>
>> </wsdl:operation>
>> <wsdl:operation name="WhoIAm">
>> <soap12:operation
>> soapAction="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
>> style="document" />
>> <wsdl:input>
>> <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_Input_policy" />
>> <soap12:body use="literal" />
>> </wsdl:input>
>> <wsdl:output>
>> <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_output_policy" />
>> <soap12:body use="literal" />
>> </wsdl:output>
>> </wsdl:operation>
>> </wsdl:binding>
>> <wsdl:service name="SecGtwService">
>> <wsdl:port name="CertificateEndPoint" binding="tns:CertificateEndPoint">
>> <soap12:address
>> location="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc" />
>> <wsa10:EndpointReference>
>> <wsa10:Address>http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc</wsa10:Address>
>> <Identity
>> xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
>> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>> <X509Data>
>> <X509Certificate>MIIBxTCCAXOgAwIBAgIQoF4m3EAEm4RCITdLvQ/MxTAJBgUrDgMCHQUAMBYxFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTEyMDcxODAwMjQzN1oXDTM5MTIzMTIzNTk1OVowKDEmMCQGA1UEAxMdUGFjdHVhbC5TZWN1cmVHYXRld2F5LlNlcnZpY2UwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN7Bng23dMbhRgzQ3KuD1uox0MriWjJON3DL1tQsHqGqjE9ZiTeVnijDEWxre938+/sELJ+Ru3mdoQae+ICfn3guBEwg80MBqeQlpNmWMssaKVWJAK5ur2YCo3UNoju2d+ZEg8+73tQ4MLp68a3TfUEKrzrBbXZQbFak8opoyCPhAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0GHR1PAI1hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DAJBgUrDgMCHQUAA0EAVL4d3PW6GhtrfEyYBghg5SIzwrsaKUvOsudIEPuOH8xWPbkgyFszcxKJpOj2dxawvNvsrBo8D62D9xUTMexQHw==</X509Certificate>
>> </X509Data>
>> </KeyInfo>
>> </Identity>
>> </wsa10:EndpointReference>
>> </wsdl:port>
>> </wsdl:service>
>> </wsdl:definitions>
>>
>>
>> -----Original Message-----
>> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
>> Sent: Tuesday, 28 August 2012 14:45
>> To: users@cxf.apache.org
>> Subject: Re: Using cxf with X509v3 certificates
>>
>> Yes, CXF supports this configuration. Your WSDL did not make it
>> through though so I can't tell what the problem is. Try just copying
>> and pasting the security binding directly into an email?
>>
>> Colm.
>>
>> On Tue, Aug 28, 2012 at 6:20 PM, Nícolas Fontenele <nf...@cpqi.com>
>> wrote:
>>> Hi all,
>>>
>>> I'm developing a client service to consume a .NET service with an
>>> X509v3 certificate using WS-Security.
>>>
>>> The Service uses symmetric binding, with
>>> includeToken="prefix/AlwaysToRecipient" and a
>>> <sp:ProtectionToken>.
>>>
>>> I have two certificates, a *.pfx file and *.cer which I have to use
>>> to access.
>>>
>>> My wsdl is attached.
>>>
>>> My question is: does CXF support this configuration?
>>>
>>> Best Regards,
>>>
>>> *Nícolas Fontenele*
>>>
>>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza
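Added example (not code from this thread and not CXF's own sample code): the "WS-SecurityPolicy only" client configuration Glen and Colm describe above, with no WSS4J(Out|In)Interceptor added by hand and no "ws-security.token" property. It also shows how to turn the two files the poster has, a .pfx (private key plus certificate, which WSS4J's Merlin can load directly as a PKCS12 keystore) and a .cer (the service's public certificate, which has to be imported into a JKS truststore first), into the single Merlin crypto properties file that both the signature and encryption settings reference. Assumptions, none of which come from the thread: the key alias "client", the passwords, the file paths under etc/, the generated classes SecGtwService and ISecGtwServiceContract from wsdl2java, and WSS4J 1.6 property names (org.apache.ws.security.crypto.merlin.*). Caveat: this satisfies a binding whose protection token is an X.509 token; it does nothing for the mssp:SslContextToken bootstrap in the posted WSDL, which Dan Kulp's reply later in the thread identifies as Microsoft-specific.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.ws.BindingProvider;

import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSPasswordCallback;

/*
 * etc/client_crypto.properties, referenced below for both signature and
 * encryption (WSS4J 1.6 Merlin key names; the .pfx is loaded as-is):
 *
 *   org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
 *   org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
 *   org.apache.ws.security.crypto.merlin.keystore.file=etc/client.pfx
 *   org.apache.ws.security.crypto.merlin.keystore.password=changeit
 *   org.apache.ws.security.crypto.merlin.keystore.alias=client
 *   org.apache.ws.security.crypto.merlin.truststore.type=jks
 *   org.apache.ws.security.crypto.merlin.truststore.file=etc/truststore.jks
 *   org.apache.ws.security.crypto.merlin.truststore.password=changeit
 */
public class PolicyClient {

    // Assumed alias of the private key inside the .pfx; check with
    // "keytool -list -storetype pkcs12 -keystore etc/client.pfx".
    static final String KEY_ALIAS = "client";
    static final String KEY_PASSWORD = "changeit"; // assumed; do not hard-code in real code
    static final String SERVICE_ALIAS = "service";

    /** Imports the service's .cer into a new JKS truststore that Merlin can load. */
    static KeyStore buildTrustStore(String cerFile, String jksFile, char[] storePass)
            throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate serviceCert;
        InputStream in = new FileInputStream(cerFile);
        try {
            serviceCert = (X509Certificate) cf.generateCertificate(in); // DER or PEM
        } finally {
            in.close();
        }
        serviceCert.checkValidity(); // fail early on an expired or not-yet-valid peer cert

        KeyStore ts = KeyStore.getInstance("JKS");
        ts.load(null, null); // start from an empty store
        ts.setCertificateEntry(SERVICE_ALIAS, serviceCert);
        OutputStream out = new FileOutputStream(jksFile);
        try {
            ts.store(out, storePass);
        } finally {
            out.close();
        }
        return ts;
    }

    /** Answers only the private-key password for our own alias. */
    public static class KeyPasswordCallback implements CallbackHandler {
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(cb);
                }
                WSPasswordCallback pc = (WSPasswordCallback) cb;
                if (KEY_ALIAS.equals(pc.getIdentifier())) {
                    pc.setPassword(KEY_PASSWORD);
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        buildTrustStore("etc/service.cer", "etc/truststore.jks", "changeit".toCharArray());

        SecGtwService service = new SecGtwService(new URL(
            "http://nrio083fcom.develop.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?wsdl"));
        ISecGtwServiceContract port = service.getCertificateEndPoint();

        // No WSS4J(Out|In)Interceptor and no "ws-security.token": the policy
        // interceptors are attached automatically from the WSDL. We only supply
        // the key material and the callback the policy engine asks for.
        Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
        ctx.put(SecurityConstants.CALLBACK_HANDLER, new KeyPasswordCallback());
        ctx.put(SecurityConstants.SIGNATURE_USERNAME, KEY_ALIAS);
        ctx.put(SecurityConstants.SIGNATURE_PROPERTIES, "etc/client_crypto.properties");
        ctx.put(SecurityConstants.ENCRYPT_USERNAME, SERVICE_ALIAS);
        ctx.put(SecurityConstants.ENCRYPT_PROPERTIES, "etc/client_crypto.properties");

        System.out.println(port.whoIAm());
    }
}
```

The callback handler deliberately answers only for its own alias and rejects any other callback type, so a misconfiguration (a different alias, an unexpected password request) surfaces as an error rather than silently handing out a password. With WSS4J 2.x the Merlin property prefix changes to org.apache.wss4j.crypto.merlin.*, and the WSPasswordCallback class moves to org.apache.wss4j.common.ext; the CXF request-context keys stay the same.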
Re: Using cxf with X509v3 certificates
Posted by Daniel Kulp <dk...@apache.org>.
The main issue is this in the policy:
>> <mssp:SslContextToken
>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
>> xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy">
This is a MS proprietary token as far as I can tell and no one other than MS implements it.
See:
http://webservices20.blogspot.com/2008/10/interoperability-gotcha-sslcontexttoken.html
Dan
On Sep 10, 2012, at 12:50 PM, Nícolas Fontenele <nf...@cpqi.com> wrote:
> Hello Colm,
>
> As I said, I tried this mix only to get some feedback from the service. I'm
> not using it right now.
> When I create a WS-Policy based client and server it works well, like the
> examples you gave me.
> The problem is when I try to access a .NET service, as described in the
> WSDL shown here.
> I got this strange behavior of the signature token, as said before. That's why I want
> to know if
> CXF is able to access this kind of service.
>
> If it isn't, does anybody know any API/framework able to do it? Maybe free
> or paid.
>
>
> Thanks Colm!
>
> Regards,
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Sent: Tuesday, 4 September 2012 06:45
> To: users@cxf.apache.org
> Subject: Re: Using cxf with X509v3 certificates
>
> Hi Nicolas,
>
> The approach you are following is not valid. You must not add the
> WSS4J(Out|In)Interceptors for the security policy case. If you configure
> WS-SecurityPolicy as per the system tests I showed you, does it work?
>
> Colm.
>
> On Mon, Sep 3, 2012 at 6:13 PM, Nícolas Fontenele <nf...@cpqi.com> wrote:
>
>> Thanks Colm.
>>
>> I tried to mix them to see whether I could get some feedback from the service.
>> It's
>> a .NET service and I have only a .pfx file and a .cer certificate.
>>
>> Most examples I saw have a CXF service and client; what I wanted to
>> know initially is whether it is possible to communicate with this service with
>> all the assertions shown
>>
>> in the WSDL.
>>
>> When I tried to access it I got "no signature token" and, debugging CXF,
>> I need to set the property "ws-security.token".
>>
>> This property expects a "SecurityToken" object which I don't know
>> how to create or get.
>>
>>
>>
>> If you recognize this behavior please tell me, will be a good help.
>>
>>
>>
>> Regards,
>>
>>
>>
>> Nícolas Fontenele
>>
>>
>>
>> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
>> Sent: Monday, 3 September 2012 09:57
>> To: Nicolas Frota
>> Cc: users@cxf.apache.org
>> Subject: Re: Using cxf with X509v3 certificates
>>
>>
>>
>>
>> As Glen said, you are mixing two different types of configuration. For
>> the WS-SecurityPolicy case you do not need to add any interceptors, as
>> the policy-based interceptors are added automatically when the WSDL
>> contains WS-SecurityPolicy expressions. See the WS-Security example
>> system tests for some configuration examples:
>>
>> https://svn.apache.org/repos/asf/cxf/trunk/systests/ws-security-examples/
>>
>> Colm.
>>
>> On Wed, Aug 29, 2012 at 9:19 PM, Nícolas Fontenele <nf...@cpqi.com>
>> wrote:
>>
>> Thanks Glen, do you know of any examples using WS-SecPol only?
>> What I did is set some properties in the request context that I saw in
>> the documentation http://cxf.apache.org/docs/ws-securitypolicy.html .
>> Funny thing is that CXF asks for this property below:
>>
>>
>> Map<String, Object> ctx = ((BindingProvider)
>> port).getRequestContext();
>>
>> ctx.put("ws-security.token", new SecurityToken());
>>
>> which isn't written in the documentation. Do you have any idea which
>> token I should put there?
>>
>> Best Regards,
>>
>> Nícolas Fontenele
>>
>>
>>
>> -----Original Message-----
>> From: Glen Mazza [mailto:gmazza@talend.com]
>>
>> Sent: Tuesday, 28 August 2012 16:43
>>
>> To: users@cxf.apache.org
>> Subject: Re: Using cxf with X509v3 certificates
>>
>> From your earlier email you're using WS-SecurityPolicy in your WSDL,
>> so you shouldn't be using the WSS4J Out/In interceptors--that's
>> strictly for non-WS-SecPol use.
>>
>> Glen
>>
>> On 08/28/2012 03:28 PM, Nícolas Fontenele wrote:
>>> I'm also adding my code here.
>>> Thanks!!
>>>
>>> public class Client {
>>>
>>>     private static final String WSU_NS =
>>>         "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>>>
>>>     public static void main(String[] args) {
>>>         try {
>>>             // 02c6b75f-5fc8-4c05-a79f-78fa1ded10e1
>>>             WSS4JOutInterceptor wssOut = createOutProperties();
>>>             WSS4JInInterceptor wssIn = createInProperties();
>>>
>>>             SecGtwService service = new SecGtwService(new java.net.URL(
>>>                 "http://nrio083fcom.develop.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?wsdl"));
>>>             ISecGtwServiceContract port = service.getCertificateEndPoint();
>>>
>>>             org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
>>>             client.getInInterceptors().add(wssIn);
>>>             client.getOutInterceptors().add(wssOut);
>>>
>>>             Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
>>>             ctx.put("ws-security.token", new SecurityToken());
>>>             System.out.println(port.whoIAm());
>>>         } catch (MalformedURLException e) {
>>>             e.printStackTrace();
>>>         }
>>>     }
>>>
>>>     private static WSS4JInInterceptor createInProperties() {
>>>         Map<String, Object> inProps = new HashMap<String, Object>();
>>>         inProps.put(WSHandlerConstants.ACTION,
>>>             "UsernameToken Timestamp Signature Encrypt");
>>>         inProps.put("passwordType", "PasswordText");
>>>         inProps.put("passwordCallbackClass", ClientPasswordCallback.class.getName());
>>>         inProps.put("decryptionPropFile", "etc/client_enc.properties");
>>>         inProps.put("encryptionKeyIdentifier", "IssuerSerial");
>>>         inProps.put("signaturePropFile", "etc/client_sign.properties");
>>>         inProps.put("signatureKeyIdentifier", "DirectReference");
>>>         return new WSS4JInInterceptor(inProps);
>>>     }
>>>
>>>     private static WSS4JOutInterceptor createOutProperties() {
>>>         Map<String, Object> outProps = new HashMap<String, Object>();
>>>         outProps.put(WSHandlerConstants.ACTION,
>>>             "UsernameToken Timestamp Signature Encrypt");
>>>         outProps.put("passwordType", "PasswordDigest");
>>>         outProps.put(WSHandlerConstants.USER, "02c6b75f-5fc8-4c05-a79f-78fa1ded10e1");
>>>         outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
>>>             ClientPasswordCallback.class.getName());
>>>
>>>         outProps.put("encryptionUser", "pub");
>>>         outProps.put(WSHandlerConstants.ENC_PROP_FILE, "etc/client_enc.properties");
>>>         outProps.put("encryptionKeyIdentifier", "IssuerSerial");
>>>         outProps.put("encryptionParts", "{Element}{" + WSU_NS + "}Timestamp;"
>>>             + "{Content}{http://www.w3.org/2003/05/soap-envelope}Body");
>>>
>>>         outProps.put(WSHandlerConstants.SIG_PROP_FILE, "etc/client_sign.properties");
>>>         outProps.put("signatureKeyIdentifier", "DirectReference");
>>>         outProps.put("signatureParts", "{Element}{" + WSU_NS + "}Timestamp;"
>>>             + "{Element}{http://www.w3.org/2003/05/soap-envelope}Body");
>>>         return new WSS4JOutInterceptor(outProps);
>>>     }
>>> }
>>>
>>> -----Original Message-----
>>> From: Nícolas Fontenele [mailto:nfrota@cpqi.com]
>>> Sent: Tuesday, 28 August 2012 15:11
>>> To: users@cxf.apache.org; coheigea@apache.org
>>> Subject: RE: Using cxf with X509v3 certificates
>>>
>>> Thanks for the answer, I'll paste the wsdl here.
>>> What I have been trying is to use wss4j interceptors as I can see in
>>> some examples.
>>> I imported both certificates into my keystore and I can see, debugging,
>>> that the password handler gets the keys from it.
>>> My problem right now is that CXF is expecting an initial token (of
>>> class SecurityToken) in the request context property
>>> ''ws-security.token''. I saw it while debugging.
>>> Is it correct to use this property?
>>> I saw in the ws-security samples that they only set properties on the
>>> interceptors and not in the request context of the client.
>>> And if this behavior is correct, how can I create this token?
>>> Should I use another property?
>>>
>>> The wsdl is below, any idea?
>>> Thanks!
>>>
>>> <?xml version="1.0" encoding="utf-8"?> <wsdl:definitions
>>> xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
>>> xmlns:wsa10="http://www.w3.org/2005/08/addressing"
>>> xmlns:tns="http://tempuri.org/"
>>> xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract"
>>> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
>>> xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>> xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
>>> xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
>>> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
>>> xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
>>> xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>>> name="SecGtwService" targetNamespace="http://tempuri.org/"
>>> xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
>>> <wsp:Policy wsu:Id="CertificateEndPoint_policy">
>>> <wsp:ExactlyOne>
>>> <wsp:All>
>>> <sp:SymmetricBinding
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <wsp:Policy>
>>> <sp:ProtectionToken>
>>> <wsp:Policy>
>>> <sp:SecureConversationToken
>>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
>>> <wsp:Policy>
>>> <sp:RequireDerivedKeys />
>>> <sp:BootstrapPolicy>
>>> <wsp:Policy>
>>> <sp:SignedParts>
>>> <sp:Body />
>>> <sp:Header Name="To"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="From"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="FaultTo"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="ReplyTo"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="MessageID"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="RelatesTo"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="Action"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> </sp:SignedParts>
>>> <sp:EncryptedParts>
>>> <sp:Body />
>>> </sp:EncryptedParts>
>>> <sp:SymmetricBinding>
>>> <wsp:Policy>
>>> <sp:ProtectionToken>
>>> <wsp:Policy>
>>> <mssp:SslContextToken
>>> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
>>> xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy">
>>> <wsp:Policy>
>>> <sp:RequireDerivedKeys />
>>> <mssp:RequireClientCertificate />
>>> </wsp:Policy>
>>> </mssp:SslContextToken>
>>> </wsp:Policy>
>>> </sp:ProtectionToken>
>>> <sp:AlgorithmSuite>
>>> <wsp:Policy>
>>> <sp:Basic256 />
>>> </wsp:Policy>
>>> </sp:AlgorithmSuite>
>>> <sp:Layout>
>>> <wsp:Policy>
>>> <sp:Strict />
>>> </wsp:Policy>
>>> </sp:Layout>
>>> <sp:IncludeTimestamp />
>>> <sp:EncryptSignature />
>>> <sp:OnlySignEntireHeadersAndBody />
>>> </wsp:Policy>
>>> </sp:SymmetricBinding>
>>> <sp:Wss11>
>>> <wsp:Policy />
>>> </sp:Wss11>
>>> <sp:Trust10>
>>> <wsp:Policy>
>>> <sp:MustSupportIssuedTokens />
>>> <sp:RequireClientEntropy />
>>> <sp:RequireServerEntropy />
>>> </wsp:Policy>
>>> </sp:Trust10>
>>> </wsp:Policy>
>>> </sp:BootstrapPolicy>
>>> </wsp:Policy>
>>> </sp:SecureConversationToken>
>>> </wsp:Policy>
>>> </sp:ProtectionToken>
>>> <sp:AlgorithmSuite>
>>> <wsp:Policy>
>>> <sp:Basic256 />
>>> </wsp:Policy>
>>> </sp:AlgorithmSuite>
>>> <sp:Layout>
>>> <wsp:Policy>
>>> <sp:Strict />
>>> </wsp:Policy>
>>> </sp:Layout>
>>> <sp:IncludeTimestamp />
>>> <sp:EncryptSignature />
>>> <sp:OnlySignEntireHeadersAndBody />
>>> </wsp:Policy>
>>> </sp:SymmetricBinding>
>>> <sp:Wss11
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <wsp:Policy />
>>> </sp:Wss11>
>>> <sp:Trust10
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <wsp:Policy>
>>> <sp:MustSupportIssuedTokens />
>>> <sp:RequireClientEntropy />
>>> <sp:RequireServerEntropy />
>>> </wsp:Policy>
>>> </sp:Trust10>
>>> <wsaw:UsingAddressing />
>>> </wsp:All>
>>> </wsp:ExactlyOne>
>>> </wsp:Policy>
>>> <wsp:Policy
>> wsu:Id="CertificateEndPoint_AuthenticateService_Input_policy">
>>> <wsp:ExactlyOne>
>>> <wsp:All>
>>> <sp:SignedParts
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <sp:Body />
>>> <sp:Header Name="To"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="From"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="FaultTo"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="ReplyTo"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="MessageID"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="RelatesTo"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="Action"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> </sp:SignedParts>
>>> <sp:EncryptedParts
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <sp:Body />
>>> </sp:EncryptedParts>
>>> </wsp:All>
>>> </wsp:ExactlyOne>
>>> </wsp:Policy>
>>> <wsp:Policy
>>> wsu:Id="CertificateEndPoint_AuthenticateService_output_policy">
>>> <wsp:ExactlyOne>
>>> <wsp:All>
>>> <sp:SignedParts
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <sp:Body />
>>> <sp:Header Name="To"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="From"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="FaultTo"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="ReplyTo"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="MessageID"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="RelatesTo"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="Action"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> </sp:SignedParts>
>>> <sp:EncryptedParts
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <sp:Body />
>>> </sp:EncryptedParts>
>>> </wsp:All>
>>> </wsp:ExactlyOne>
>>> </wsp:Policy>
>>> <wsp:Policy
>>> wsu:Id="CertificateEndPoint_ValidadeTokenService_Input_policy">
>>> <wsp:ExactlyOne>
>>> <wsp:All>
>>> <sp:SignedParts
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <sp:Body />
>>> <sp:Header Name="To"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="From"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="FaultTo"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="ReplyTo"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="MessageID"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="RelatesTo"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="Action"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> </sp:SignedParts>
>>> <sp:EncryptedParts
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <sp:Body />
>>> </sp:EncryptedParts>
>>> </wsp:All>
>>> </wsp:ExactlyOne>
>>> </wsp:Policy>
>>> <wsp:Policy
>>> wsu:Id="CertificateEndPoint_ValidadeTokenService_output_policy">
>>> <wsp:ExactlyOne>
>>> <wsp:All>
>>> <sp:SignedParts
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <sp:Body />
>>> <sp:Header Name="To"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="From"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="FaultTo"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="ReplyTo"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="MessageID"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="RelatesTo"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="Action"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> </sp:SignedParts>
>>> <sp:EncryptedParts
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <sp:Body />
>>> </sp:EncryptedParts>
>>> </wsp:All>
>>> </wsp:ExactlyOne>
>>> </wsp:Policy>
>>> <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_Input_policy">
>>> <wsp:ExactlyOne>
>>> <wsp:All>
>>> <sp:SignedParts
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <sp:Body />
>>> <sp:Header Name="To"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="From"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="FaultTo"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="ReplyTo"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="MessageID"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="RelatesTo"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="Action"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> </sp:SignedParts>
>>> <sp:EncryptedParts
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <sp:Body />
>>> </sp:EncryptedParts>
>>> </wsp:All>
>>> </wsp:ExactlyOne>
>>> </wsp:Policy>
>>> <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_output_policy">
>>> <wsp:ExactlyOne>
>>> <wsp:All>
>>> <sp:SignedParts
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <sp:Body />
>>> <sp:Header Name="To"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="From"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="FaultTo"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="ReplyTo"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="MessageID"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="RelatesTo"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> <sp:Header Name="Action"
>>> Namespace="http://www.w3.org/2005/08/addressing" />
>>> </sp:SignedParts>
>>> <sp:EncryptedParts
>>> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>>> <sp:Body />
>>> </sp:EncryptedParts>
>>> </wsp:All>
>>> </wsp:ExactlyOne>
>>> </wsp:Policy>
>>> <wsdl:types>
>>> <xsd:schema targetNamespace="http://tempuri.org/Imports">
>>> <xsd:import
>>> schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd0"
>>> namespace="http://tempuri.org/" />
>>> <xsd:import
>>> schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd1"
>>> namespace="http://schemas.microsoft.com/2003/10/Serialization/" />
>>> <xsd:import
>>> schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd2"
>>> namespace="http://schemas.datacontract.org/2004/07/Pactual.SecureGateway.Services.Contracts" />
>>> </xsd:schema>
>>> </wsdl:types>
>>> <wsdl:message
>>> name="ISecGtwServiceContract_AuthenticateService_InputMessage">
>>> <wsdl:part name="parameters" element="tns:AuthenticateService" />
>>> </wsdl:message>
>>> <wsdl:message
>>> name="ISecGtwServiceContract_AuthenticateService_OutputMessage">
>>> <wsdl:part name="parameters"
>> element="tns:AuthenticateServiceResponse"
>>> />
>>> </wsdl:message>
>>> <wsdl:message
>>> name="ISecGtwServiceContract_ValidadeTokenService_InputMessage">
>>> <wsdl:part name="parameters" element="tns:ValidadeTokenService" />
>>> </wsdl:message>
>>> <wsdl:message
>>> name="ISecGtwServiceContract_ValidadeTokenService_OutputMessage">
>>> <wsdl:part name="parameters"
>> element="tns:ValidadeTokenServiceResponse"
>>> />
>>> </wsdl:message>
>>> <wsdl:message name="ISecGtwServiceContract_WhoIAm_InputMessage">
>>> <wsdl:part name="parameters" element="tns:WhoIAm" />
>>> </wsdl:message>
>>> <wsdl:message name="ISecGtwServiceContract_WhoIAm_OutputMessage">
>>> <wsdl:part name="parameters" element="tns:WhoIAmResponse" />
>>> </wsdl:message>
>>> <wsdl:portType name="ISecGtwServiceContract">
>>> <wsdl:operation name="AuthenticateService">
>>> <wsdl:input
>>> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
>>> message="tns:ISecGtwServiceContract_AuthenticateService_InputMessage" />
>>> <wsdl:output
>>> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateServiceResponse"
>>> message="tns:ISecGtwServiceContract_AuthenticateService_OutputMessage" />
>>> </wsdl:operation>
>>> <wsdl:operation name="ValidadeTokenService">
>>> <wsdl:input
>>> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
>>> message="tns:ISecGtwServiceContract_ValidadeTokenService_InputMessage" />
>>> <wsdl:output
>>> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenServiceResponse"
>>> message="tns:ISecGtwServiceContract_ValidadeTokenService_OutputMessage" />
>>> </wsdl:operation>
>>> <wsdl:operation name="WhoIAm">
>>> <wsdl:input
>>> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
>>> message="tns:ISecGtwServiceContract_WhoIAm_InputMessage" />
>>> <wsdl:output
>>> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAmResponse"
>>> message="tns:ISecGtwServiceContract_WhoIAm_OutputMessage" />
>>> </wsdl:operation>
>>> </wsdl:portType>
>>> <wsdl:binding name="CertificateEndPoint"
>>> type="tns:ISecGtwServiceContract">
>>> <wsp:PolicyReference URI="#CertificateEndPoint_policy" />
>>> <soap12:binding transport="http://schemas.xmlsoap.org/soap/http" />
>>> <wsdl:operation name="AuthenticateService">
>>> <soap12:operation
>>> soapAction="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
>>> style="document" />
>>> <wsdl:input>
>>> <wsp:PolicyReference
>>> URI="#CertificateEndPoint_AuthenticateService_Input_policy" />
>>> <soap12:body use="literal" />
>>> </wsdl:input>
>>> <wsdl:output>
>>> <wsp:PolicyReference
>>> URI="#CertificateEndPoint_AuthenticateService_output_policy" />
>>> <soap12:body use="literal" />
>>> </wsdl:output>
>>> </wsdl:operation>
>>> <wsdl:operation name="ValidadeTokenService">
>>> <soap12:operation
>>> soapAction="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
>>> style="document" />
>>> <wsdl:input>
>>> <wsp:PolicyReference
>>> URI="#CertificateEndPoint_ValidadeTokenService_Input_policy" />
>>> <soap12:body use="literal" />
>>> </wsdl:input>
>>> <wsdl:output>
>>> <wsp:PolicyReference
>>> URI="#CertificateEndPoint_ValidadeTokenService_output_policy" />
>>> <soap12:body use="literal" />
>>> </wsdl:output>
>>> </wsdl:operation>
>>> <wsdl:operation name="WhoIAm">
>>> <soap12:operation
>>> soapAction="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
>>> style="document" />
>>> <wsdl:input>
>>> <wsp:PolicyReference
>> URI="#CertificateEndPoint_WhoIAm_Input_policy"
>>> />
>>> <soap12:body use="literal" />
>>> </wsdl:input>
>>> <wsdl:output>
>>> <wsp:PolicyReference
>> URI="#CertificateEndPoint_WhoIAm_output_policy"
>>> />
>>> <soap12:body use="literal" />
>>> </wsdl:output>
>>> </wsdl:operation>
>>> </wsdl:binding>
>>> <wsdl:service name="SecGtwService">
>>> <wsdl:port name="CertificateEndPoint"
>> binding="tns:CertificateEndPoint">
>>> <soap12:address
>>> location="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc" />
>>> <wsa10:EndpointReference>
>>> <wsa10:Address>http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc</wsa10:Address>
>>> <Identity
>>> xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
>>> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>>> <X509Data>
>>>
>>> <X509Certificate>MIIBxTCCAXOgAwIBAgIQoF4m3EAEm4RCITdLvQ/MxTAJBgUrDgM
>>> CH
>>> QUAMBY
>>> xFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTEyMDcxODAwMjQzN1oXDTM5MTIzMTIzNTk
>>> 1O
>>> VowKDE
>>> mMCQGA1UEAxMdUGFjdHVhbC5TZWN1cmVHYXRld2F5LlNlcnZpY2UwgZ8wDQYJKoZIhvc
>>> NA
>>> QEBBQA
>>> DgY0AMIGJAoGBAN7Bng23dMbhRgzQ3KuD1uox0MriWjJON3DL1tQsHqGqjE9ZiTeVnij
>>> DE
>>> Wxre93
>>> 8+/sELJ+Ru3mdoQae+ICfn3guBEwg80MBqeQlpNmWMssaKVWJAK5ur2YCo3UNoju2d+Z
>>> 8+Eg
>>
>>> 8+D0
>>> 8+73tQ
>>> 4MLp68a3TfUEKrzrBbXZQbFak8opoyCPhAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0
>>> GH
>>> R1PAI1
>>> hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DA
>>> JB
>>> gUrDgM
>>> CHQUAA0EAVL4d3PW6GhtrfEyYBghg5SIzwrsaKUvOsudIEPuOH8xWPbkgyFszcxKJpOj
>>> 2d xawvNv srBo8D62D9xUTMexQHw==</X509Certificate>
>>
>>> </X509Data>
>>> </KeyInfo>
>>> </Identity>
>>> </wsa10:EndpointReference>
>>> </wsdl:port>
>>> </wsdl:service>
>>> </wsdl:definitions>
>>>
>>>
>>> -----Original Message-----
>>> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
>>> Sent: Tuesday, 28 August 2012 14:45
>>> To: users@cxf.apache.org
>>> Subject: Re: Using cxf with X509v3 certificates
>>>
>>> Yes, CXF supports this configuration. Your WSDL did not make it
>>> through though so I can't tell what the problem is. Try just copying
>>> and pasting the security binding directly into an email?
>>>
>>> Colm.
>>>
>>> On Tue, Aug 28, 2012 at 6:20 PM, Nícolas Fontenele <nf...@cpqi.com>
>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I'm developing a client service to consume a .net service with
>>>> x509v3 certificate using ws-security.
>>>>
>>>> The Service uses symmetric binding, with
>>>> includeToken="prefix/AlwaysToRecipient" and a
>>>> <sp:ProtectionToken>.
>>>>
>>>> I have two certificates, a *.pfx file and *.cer which I have to use
>>>> to access.
>>>>
>>>> My wsdl is attached.
>>>>
>>>> My question is: does cxf support this configuration?
>>>>
>>>> Best Regards,
>>>>
>>>> Nícolas Fontenele
>>>>
>>>
>>>
>>> --
>>> Colm O hEigeartaigh
>>>
>>> Talend Community Coder
>>> http://coders.talend.com
>>>
>>
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
--
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com
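Added example (mine; not code from the thread, from CXF or from the service owner): the same whoIAm() call written the way Colm and Glen describe, the WS-SecurityPolicy way. Unlike the Client class quoted above, nothing is added to the interceptor chains and "ws-security.token" is never set; the client only hands CXF its key material through ws-security.* properties on the request context, and CXF attaches its policy-based WSS4J interceptors itself from the sp:* assertions in the WSDL. Assumptions: CXF 2.x with WSS4J 1.6 (the package names of the thread's date); the wsdl2java-generated SecGtwService and ISecGtwServiceContract classes from the posted code; the poster's *.pfx at etc/client.pfx with its key pair under alias "client", and the service's *.cer at etc/service.cer; all paths, aliases and passwords are placeholders. Whether CXF can satisfy the Microsoft-specific mssp:SslContextToken bootstrap assertion in this WSDL is not settled anywhere in the thread, and this configuration does not address it.

```java
// Added example, not code from the thread or from CXF: the policy-driven counterpart of the
// posted Client. Assumes CXF 2.x with WSS4J 1.6, the wsdl2java classes SecGtwService /
// ISecGtwServiceContract from the posted code, the poster's *.pfx at etc/client.pfx (alias
// "client") and the service's *.cer at etc/service.cer; paths, aliases and passwords are
// placeholders.
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Map;
import java.util.Properties;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.ws.BindingProvider;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSPasswordCallback;

public class PolicyClient {

    static final String MERLIN = "org.apache.ws.security.components.crypto.Merlin";
    static final String CLIENT_ALIAS = "client";    // placeholder: alias of the key pair in the .pfx
    static final String SERVICE_ALIAS = "service";  // placeholder: alias given to the .cer below
    static final String PASSWORD = "changeit";      // placeholder

    /** Merlin config for signing/decryption: a *.pfx is a PKCS12 keystore, so it is used as-is. */
    static Properties signatureProps() {
        Properties p = new Properties();
        p.setProperty("org.apache.ws.security.crypto.provider", MERLIN);
        p.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "PKCS12");
        p.setProperty("org.apache.ws.security.crypto.merlin.keystore.file", "etc/client.pfx");
        p.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", PASSWORD);
        p.setProperty("org.apache.ws.security.crypto.merlin.keystore.alias", CLIENT_ALIAS);
        return p;
    }

    /** Merlin config for encryption/verification: a JKS truststore holding only the service's *.cer. */
    static Properties encryptionProps() {
        Properties p = new Properties();
        p.setProperty("org.apache.ws.security.crypto.provider", MERLIN);
        p.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
        p.setProperty("org.apache.ws.security.crypto.merlin.keystore.file", "etc/service-trust.jks");
        p.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", PASSWORD);
        return p;
    }

    /** Builds that truststore from the *.cer (the keytool import the poster did, done in code). */
    static void buildTrustStore(String cerPath, String jksPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate serviceCert;
        try (InputStream in = new FileInputStream(cerPath)) {
            serviceCert = cf.generateCertificate(in);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);                          // fresh, empty store
        ks.setCertificateEntry(SERVICE_ALIAS, serviceCert);
        try (OutputStream out = new FileOutputStream(jksPath)) {
            ks.store(out, PASSWORD.toCharArray());
        }
    }

    /** Gives WSS4J the private-key password when it signs or decrypts with the client key. */
    static class KeyPasswordCallback implements CallbackHandler {
        public void handle(Callback[] callbacks) {
            for (Callback c : callbacks) {
                if (c instanceof WSPasswordCallback) {
                    WSPasswordCallback pc = (WSPasswordCallback) c;
                    if (CLIENT_ALIAS.equals(pc.getIdentifier())) {
                        pc.setPassword(PASSWORD);
                    }
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        buildTrustStore("etc/service.cer", "etc/service-trust.jks");

        SecGtwService service = new SecGtwService(new URL(
            "http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?wsdl"));
        ISecGtwServiceContract port = service.getCertificateEndPoint();

        // Only ws-security.* properties: no WSS4JOut/InInterceptor on the client and no
        // "ws-security.token". The policy interceptors come from the sp:* assertions in the WSDL.
        Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
        ctx.put(SecurityConstants.SIGNATURE_PROPERTIES, signatureProps());
        ctx.put(SecurityConstants.SIGNATURE_USERNAME, CLIENT_ALIAS);
        ctx.put(SecurityConstants.ENCRYPT_PROPERTIES, encryptionProps());
        ctx.put(SecurityConstants.ENCRYPT_USERNAME, SERVICE_ALIAS);
        ctx.put(SecurityConstants.CALLBACK_HANDLER, new KeyPasswordCallback());

        System.out.println(port.whoIAm());
    }
}
```

Two points worth knowing when adapting it: a *.pfx is already a PKCS12 keystore, so Merlin reads it directly with keystore.type=PKCS12 and no keytool conversion is needed; and each ws-security.*.properties value may be a Properties object, as here, or the path of a .properties file, as in the quoted client. The org.apache.ws.security.crypto.merlin.* keys are the WSS4J 1.6 names; WSS4J 2.x (CXF 3) renamed that prefix to org.apache.wss4j.crypto.merlin.*.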
RE: Using cxf with X509v3 certificates
Posted by Nícolas Fontenele <nf...@cpqi.com>.
Hello Colm,
As I said, I tried this mix only to get some feedback from the service. I'm
not using it right now.
When I create a ws-policy based client and server it works well, like the
examples you gave me.
The problem is when I try to access a .net service, as described in the
wsdl shown here.
I got this strange behavior of the signature token said before. That's why I want
to know if CXF is able to access this kind of service.
If it isn't, does anybody know any api/framework able to do it? Maybe free
or paid.
Thanks Colm!
Regards,
-----Original Message-----
From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
Sent: Tuesday, 4 September 2012 06:45
To: users@cxf.apache.org
Subject: Re: Using cxf with X509v3 certificates
Hi Nicolas,
The approach you are following is not valid. You must not add the
WSS4J(Out|In)Interceptors for the security policy case. If you configure
WS-SecurityPolicy as per the system tests I showed you, does it work?
Colm.
On Mon, Sep 3, 2012 at 6:13 PM, Nícolas Fontenele <nf...@cpqi.com> wrote:
> Thanks Colm.
>
> I tried to mix to see whether I can get some feedback from the service.
> It's a .net service and I have only a pfx file and a .cer certificate.
>
> Most examples I saw have a cxf service and client; what I wanted to
> know initially is whether it is possible to communicate with this service with
> all these assertions shown in the wsdl.
>
> When I tried to access it I got "no signature token", and debugging CXF
> I need to set the property ws-security.token.
>
> This property expects a SecurityToken object which I don't know
> how to create or get.
>
> If you recognize this behavior please tell me, it will be a good help.
>
> Regards,
>
> Nícolas Fontenele
>
>
>
> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Sent: Monday, 3 September 2012 09:57
> To: Nicolas Frota
> Cc: users@cxf.apache.org
> Subject: Re: Using cxf with X509v3 certificates
>
>
>
>
> As Glen said, you are mixing two different types of configuration. For
> the WS-SecurityPolicy case you do not need to add any interceptors, as
> the policy-based interceptors are added automatically when the WSDL
> contains WS-SecurityPolicy expressions. See the WS-Security example
> system tests for some configuration examples:
>
> https://svn.apache.org/repos/asf/cxf/trunk/systests/ws-security-examples/
>
> Colm.
>
> On Wed, Aug 29, 2012 at 9:19 PM, Nícolas Fontenele <nf...@cpqi.com>
> wrote:
>
> Thanks Glen, do you know some examples of WS-SecPol only?
> What I did is set some properties in the request context that I saw in
> the documentation http://cxf.apache.org/docs/ws-securitypolicy.html .
> The funny thing is that cxf asks for this property below:
>
> Map<String, Object> ctx = ((BindingProvider)
> port).getRequestContext();
>
> ctx.put("ws-security.token", new SecurityToken());
>
> which isn't written in the documentation. Do you have any idea which
> token I should put there?
>
> Best Regards,
>
> Nícolas Fontenele
>
>
>
> -----Original Message-----
> From: Glen Mazza [mailto:gmazza@talend.com]
> Sent: Tuesday, 28 August 2012 16:43
> To: users@cxf.apache.org
> Subject: Re: Using cxf with X509v3 certificates
>
> From your earlier email you're using WS-SecurityPolicy in your WSDL,
> so you shouldn't be using the WSS4J Out/In interceptors--that's
> strictly for non-WS-SecPol use.
>
> Glen
>
> On 08/28/2012 03:28 PM, Nícolas Fontenele wrote:
> > I'm also adding my code here.
> > Thanks!!
> >
> > [The Client code quoted here is identical to the copy quoted earlier on this page and is omitted.]
> >
> > -----Original Message-----
> > From: Nícolas Fontenele [mailto:nfrota@cpqi.com]
> > Sent: Tuesday, 28 August 2012 15:11
> > To: users@cxf.apache.org; coheigea@apache.org
> > Subject: RE: Using cxf with X509v3 certificates
> >
> > Thanks for the answer, I'll paste the wsdl here.
> > What I have been trying is to use wss4j interceptors as I can see in
> > some examples.
> > I imported both certificates into my keystore and I can see, debugging,
> > that the password handler gets the keys from it.
> > My problem right now is that CXF is expecting an initial token (of
> > class SecurityToken) in the request context property
> > ''ws-security.token''. I saw it while debugging.
> > Is it correct to use this property?
> > I saw in the ws-security samples that they only set properties on the
> > interceptors and not in the request context of the client.
> > And if this behavior is correct, how can I create this token?
> > Should I use another property?
> >
> > The wsdl is below, any idea?
> > Thanks!
> >
> > <?xml version="1.0" encoding="utf-8"?> <wsdl:definitions
> > xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
> > xmlns:wsa10="http://www.w3.org/2005/08/addressing"
> > xmlns:tns="http://tempuri.org/"
> > xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract"
> > xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
> > xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> > xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
> > xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> > xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
> > xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> > name="SecGtwService" targetNamespace="http://tempuri.org/"
> > xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
> > <wsp:Policy wsu:Id="CertificateEndPoint_policy">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SymmetricBinding
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <wsp:Policy>
> > <sp:ProtectionToken>
> > <wsp:Policy>
> > <sp:SecureConversationToken
> > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> > <wsp:Policy>
> > <sp:RequireDerivedKeys />
> > <sp:BootstrapPolicy>
> > <wsp:Policy>
> > <sp:SignedParts>
> > <sp:Body />
> > <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > </sp:SignedParts>
> > <sp:EncryptedParts>
> > <sp:Body />
> > </sp:EncryptedParts>
> > <sp:SymmetricBinding>
> > <wsp:Policy>
> > <sp:ProtectionToken>
> > <wsp:Policy>
> > <mssp:SslContextToken
> > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
> > xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy">
> > <wsp:Policy>
> > <sp:RequireDerivedKeys />
> > <mssp:RequireClientCertificate />
> > </wsp:Policy>
> > </mssp:SslContextToken>
> > </wsp:Policy>
> > </sp:ProtectionToken>
> > <sp:AlgorithmSuite>
> > <wsp:Policy>
> > <sp:Basic256 />
> > </wsp:Policy>
> > </sp:AlgorithmSuite>
> > <sp:Layout>
> > <wsp:Policy>
> > <sp:Strict />
> > </wsp:Policy>
> > </sp:Layout>
> > <sp:IncludeTimestamp />
> > <sp:EncryptSignature />
> > <sp:OnlySignEntireHeadersAndBody />
> > </wsp:Policy>
> > </sp:SymmetricBinding>
> > <sp:Wss11>
> > <wsp:Policy />
> > </sp:Wss11>
> > <sp:Trust10>
> > <wsp:Policy>
> > <sp:MustSupportIssuedTokens />
> > <sp:RequireClientEntropy />
> > <sp:RequireServerEntropy />
> > </wsp:Policy>
> > </sp:Trust10>
> > </wsp:Policy>
> > </sp:BootstrapPolicy>
> > </wsp:Policy>
> > </sp:SecureConversationToken>
> > </wsp:Policy>
> > </sp:ProtectionToken>
> > <sp:AlgorithmSuite>
> > <wsp:Policy>
> > <sp:Basic256 />
> > </wsp:Policy>
> > </sp:AlgorithmSuite>
> > <sp:Layout>
> > <wsp:Policy>
> > <sp:Strict />
> > </wsp:Policy>
> > </sp:Layout>
> > <sp:IncludeTimestamp />
> > <sp:EncryptSignature />
> > <sp:OnlySignEntireHeadersAndBody />
> > </wsp:Policy>
> > </sp:SymmetricBinding>
> > <sp:Wss11
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <wsp:Policy />
> > </sp:Wss11>
> > <sp:Trust10
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <wsp:Policy>
> > <sp:MustSupportIssuedTokens />
> > <sp:RequireClientEntropy />
> > <sp:RequireServerEntropy />
> > </wsp:Policy>
> > </sp:Trust10>
> > <wsaw:UsingAddressing />
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <wsp:Policy
> > wsu:Id="CertificateEndPoint_AuthenticateService_Input_policy">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > </sp:SignedParts>
> > <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > </sp:EncryptedParts>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <wsp:Policy
> > wsu:Id="CertificateEndPoint_AuthenticateService_output_policy">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > </sp:SignedParts>
> > <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > </sp:EncryptedParts>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <wsp:Policy
> > wsu:Id="CertificateEndPoint_ValidadeTokenService_Input_policy">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > </sp:SignedParts>
> > <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > </sp:EncryptedParts>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <wsp:Policy
> > wsu:Id="CertificateEndPoint_ValidadeTokenService_output_policy">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > </sp:SignedParts>
> > <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > </sp:EncryptedParts>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_Input_policy">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > </sp:SignedParts>
> > <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > </sp:EncryptedParts>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_output_policy">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > </sp:SignedParts>
> > <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > </sp:EncryptedParts>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <wsdl:types>
> > <xsd:schema targetNamespace="http://tempuri.org/Imports">
> > <xsd:import
> > schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd0"
> > namespace="http://tempuri.org/" />
> > <xsd:import
> > schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd1"
> > namespace="http://schemas.microsoft.com/2003/10/Serialization/" />
> > <xsd:import
> > schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd2"
> > namespace="http://schemas.datacontract.org/2004/07/Pactual.SecureGateway.Services.Contracts" />
> > </xsd:schema>
> > </wsdl:types>
> > <wsdl:message
> > name="ISecGtwServiceContract_AuthenticateService_InputMessage">
> > <wsdl:part name="parameters" element="tns:AuthenticateService" />
> > </wsdl:message>
> > <wsdl:message
> > name="ISecGtwServiceContract_AuthenticateService_OutputMessage">
> > <wsdl:part name="parameters" element="tns:AuthenticateServiceResponse" />
> > </wsdl:message>
> > <wsdl:message
> > name="ISecGtwServiceContract_ValidadeTokenService_InputMessage">
> > <wsdl:part name="parameters" element="tns:ValidadeTokenService" />
> > </wsdl:message>
> > <wsdl:message
> > name="ISecGtwServiceContract_ValidadeTokenService_OutputMessage">
> > <wsdl:part name="parameters" element="tns:ValidadeTokenServiceResponse" />
> > </wsdl:message>
> > <wsdl:message name="ISecGtwServiceContract_WhoIAm_InputMessage">
> > <wsdl:part name="parameters" element="tns:WhoIAm" />
> > </wsdl:message>
> > <wsdl:message name="ISecGtwServiceContract_WhoIAm_OutputMessage">
> > <wsdl:part name="parameters" element="tns:WhoIAmResponse" />
> > </wsdl:message>
> > <wsdl:portType name="ISecGtwServiceContract">
> > <wsdl:operation name="AuthenticateService">
> > <wsdl:input
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
> > message="tns:ISecGtwServiceContract_AuthenticateService_InputMessage" />
> > <wsdl:output
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateServiceResponse"
> > message="tns:ISecGtwServiceContract_AuthenticateService_OutputMessage" />
> > </wsdl:operation>
> > <wsdl:operation name="ValidadeTokenService">
> > <wsdl:input
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
> > message="tns:ISecGtwServiceContract_ValidadeTokenService_InputMessage" />
> > <wsdl:output
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenServiceResponse"
> > message="tns:ISecGtwServiceContract_ValidadeTokenService_OutputMessage" />
> > </wsdl:operation>
> > <wsdl:operation name="WhoIAm">
> > <wsdl:input
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
> > message="tns:ISecGtwServiceContract_WhoIAm_InputMessage" />
> > <wsdl:output
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAmResponse"
> > message="tns:ISecGtwServiceContract_WhoIAm_OutputMessage" />
> > </wsdl:operation>
> > </wsdl:portType>
> > <wsdl:binding name="CertificateEndPoint"
> > type="tns:ISecGtwServiceContract">
> > <wsp:PolicyReference URI="#CertificateEndPoint_policy" />
> > <soap12:binding transport="http://schemas.xmlsoap.org/soap/http" />
> > <wsdl:operation name="AuthenticateService">
> > <soap12:operation
> > soapAction="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
> > style="document" />
> > <wsdl:input>
> > <wsp:PolicyReference
> > URI="#CertificateEndPoint_AuthenticateService_Input_policy" />
> > <soap12:body use="literal" />
> > </wsdl:input>
> > <wsdl:output>
> > <wsp:PolicyReference
> > URI="#CertificateEndPoint_AuthenticateService_output_policy" />
> > <soap12:body use="literal" />
> > </wsdl:output>
> > </wsdl:operation>
> > <wsdl:operation name="ValidadeTokenService">
> > <soap12:operation
> > soapAction="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
> > style="document" />
> > <wsdl:input>
> > <wsp:PolicyReference
> > URI="#CertificateEndPoint_ValidadeTokenService_Input_policy" />
> > <soap12:body use="literal" />
> > </wsdl:input>
> > <wsdl:output>
> > <wsp:PolicyReference
> > URI="#CertificateEndPoint_ValidadeTokenService_output_policy" />
> > <soap12:body use="literal" />
> > </wsdl:output>
> > </wsdl:operation>
> > <wsdl:operation name="WhoIAm">
> > <soap12:operation
> > soapAction="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
> > style="document" />
> > <wsdl:input>
> > <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_Input_policy" />
> > <soap12:body use="literal" />
> > </wsdl:input>
> > <wsdl:output>
> > <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_output_policy" />
> > <soap12:body use="literal" />
> > </wsdl:output>
> > </wsdl:operation>
> > </wsdl:binding>
> > <wsdl:service name="SecGtwService">
> > <wsdl:port name="CertificateEndPoint" binding="tns:CertificateEndPoint">
> > <soap12:address
> > location="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc" />
> > <wsa10:EndpointReference>
> > <wsa10:Address>http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc</wsa10:Address>
> > <Identity
> > xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
> > <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> > <X509Data>
> > </X509Data>
> > </KeyInfo>
> > </Identity>
> > </wsa10:EndpointReference>
> > </wsdl:port>
> > </wsdl:service>
> > </wsdl:definitions>
> >
> >
> > -----Original Message-----
> > From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> > Sent: Tuesday, 28 August 2012 14:45
> > To: users@cxf.apache.org
> > Subject: Re: Using cxf with X509v3 certificates
> >
> > Yes, CXF supports this configuration. Your WSDL did not make it
> > through though so I can't tell what the problem is. Try just copying
> > and pasting the security binding directly into an email?
> >
> > Colm.
> >
> > On Tue, Aug 28, 2012 at 6:20 PM, Nícolas Fontenele <nf...@cpqi.com> wrote:
> >
> >> Hi all,
> >>
> >> I'm developing a client service to consume a .net service with
> >> x509v3 certificate using ws-security.
> >>
> >> The Service uses symmetric binding, with
> >> includeToken="prefix/AlwaysToRecipient" and a <sp:ProtectionToken>.
> >>
> >> I have two certificates, a *.pfx file and *.cer which I have to use
> >> to access.
> >>
> >> My wsdl is attached.
> >>
> >> My question is: does CXF support this configuration?
> >>
> >> Best Regards,
> >>
> >> Nícolas Fontenele
> >>
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
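The configuration this thread recommends, as an added example that is not code from the thread or from CXF: a client for a WSDL that carries WS-SecurityPolicy registers no WSS4J(Out|In)Interceptor at all and instead supplies its keys, certificates and passwords through the ws-security.* request-context properties documented at http://cxf.apache.org/docs/ws-securitypolicy.html. SecGtwService and ISecGtwServiceContract are the generated stubs named in the thread; the property-file paths, keystore files, the aliases "client" and "service" and the client.key.password system property are assumptions, and nothing here addresses the Microsoft-specific mssp:SslContextToken (schemas.microsoft.com namespace) that sits in the WSDL's bootstrap policy.

```java
import java.io.IOException;
import java.net.URL;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.ws.BindingProvider;

import org.apache.ws.security.WSPasswordCallback;

/**
 * Policy-driven CXF client: no WSS4J interceptors are registered by hand.
 * Because the WSDL carries WS-SecurityPolicy, CXF engages its own policy
 * interceptors and reads key material from the ws-security.* properties.
 *
 * Assumed WSS4J (Merlin) crypto property files, constructed for this example:
 *
 *   etc/client_sign.properties  - the client's own key, read straight from the .pfx
 *     org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
 *     org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
 *     org.apache.ws.security.crypto.merlin.keystore.file=etc/client.pfx
 *     org.apache.ws.security.crypto.merlin.keystore.password=<pfx password>
 *     org.apache.ws.security.crypto.merlin.keystore.alias=client
 *
 *   etc/client_enc.properties   - a trust store holding the service's .cer, built with
 *     keytool -importcert -alias service -file service.cer -keystore etc/service-trust.jks
 *     org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
 *     org.apache.ws.security.crypto.merlin.keystore.type=jks
 *     org.apache.ws.security.crypto.merlin.keystore.file=etc/service-trust.jks
 *     org.apache.ws.security.crypto.merlin.keystore.password=<trust store password>
 */
public class PolicyClient {

    /** Alias of the client's private key inside the .pfx (assumed). */
    static final String CLIENT_ALIAS = "client";
    /** Alias under which the service certificate was imported (assumed). */
    static final String SERVICE_ALIAS = "service";

    /** Answers WSS4J's request for the private-key password of CLIENT_ALIAS only. */
    public static class ClientPasswordCallback implements CallbackHandler {
        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof WSPasswordCallback)) {
                    throw new UnsupportedCallbackException(cb);
                }
                WSPasswordCallback pc = (WSPasswordCallback) cb;
                // Hand out the password only for the key we own; any other
                // identifier stays unanswered, so a wrong alias fails loudly.
                if (CLIENT_ALIAS.equals(pc.getIdentifier())) {
                    // Assumed: the password is supplied as -Dclient.key.password=...
                    pc.setPassword(System.getProperty("client.key.password"));
                }
            }
        }
    }

    /** Builds the proxy and sets the policy-layer properties; nothing else is wired in. */
    public static ISecGtwServiceContract createPort(String wsdlUrl) throws Exception {
        SecGtwService service = new SecGtwService(new URL(wsdlUrl));
        ISecGtwServiceContract port = service.getCertificateEndPoint();

        Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
        // Password source for the signing / decryption key.
        ctx.put("ws-security.callback-handler", new ClientPasswordCallback());
        // The client signs (and decrypts) with its own key from the .pfx ...
        ctx.put("ws-security.signature.properties", "etc/client_sign.properties");
        ctx.put("ws-security.signature.username", CLIENT_ALIAS);
        // ... and encrypts for the service certificate taken from the .cer.
        ctx.put("ws-security.encryption.properties", "etc/client_enc.properties");
        ctx.put("ws-security.encryption.username", SERVICE_ALIAS);
        // Deliberately not set: "ws-security.token". That property hands CXF a
        // SecurityToken obtained beforehand (for example through an STS client);
        // an empty SecurityToken there is what produced the null pointer in the thread.
        return port;
    }

    public static void main(String[] args) throws Exception {
        ISecGtwServiceContract port = createPort(args[0]);
        System.out.println(port.whoIAm());
    }
}
```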
Re: Using cxf with X509v3 certificates
Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi Nicolas,
The approach you are following is not valid. You must not add the
WSS4J(Out|In)Interceptors for the security policy case. If you configure
WS-SecurityPolicy as per the system tests I showed you, does it work?
Colm.
On Mon, Sep 3, 2012 at 6:13 PM, Nícolas Fontenele <nf...@cpqi.com> wrote:
> Thanks Colm.
>
> I tried to mix to see whether I can get some feedback from the service. It's
> a .net service and I have only a .pfx file and a .cer certificate.
>
> Most examples I saw have a CXF service and client; what I wanted to know
> initially is whether it is possible to communicate with this service with all
> the assertions shown in the WSDL.
>
> When I tried to access it I got ''no signature token'', and debugging CXF I
> found I need to set the property ''ws-security.token''.
>
> This property expects a ''SecurityToken'' object which I don't know how to
> create or get.
>
> If you recognize this behavior please tell me; it would be a great help.
>
> Regards,
>
> Nícolas Fontenele
>
> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Sent: Monday, 3 September 2012 09:57
> To: Nicolas Frota
> Cc: users@cxf.apache.org
> Subject: Re: Using cxf with X509v3 certificates
>
> As Glen said, you are mixing two different types of configuration. For the
> WS-SecurityPolicy case you do not need to add any interceptors, as the
> policy-based interceptors are added automatically when the WSDL contains
> WS-SecurityPolicy expressions. See the WS-Security example system tests for
> some configuration examples:
>
> https://svn.apache.org/repos/asf/cxf/trunk/systests/ws-security-examples/
>
> Colm.
>
> On Wed, Aug 29, 2012 at 9:19 PM, Nícolas Fontenele <nf...@cpqi.com> wrote:
>
> Thanks Glen. Do you know of some examples of WS-SecPol only?
> What I did is set some properties in the request context that I saw in the
> documentation http://cxf.apache.org/docs/ws-securitypolicy.html .
> Funny thing is that CXF asks for this property below:
>
> Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
> ctx.put("ws-security.token", new SecurityToken());
>
> which isn't written in the documentation. Do you have any idea which token
> I should put there?
>
> Best Regards,
>
> Nícolas Fontenele
>
>
>
> -----Original Message-----
> From: Glen Mazza [mailto:gmazza@talend.com]
> Sent: Tuesday, 28 August 2012 16:43
> To: users@cxf.apache.org
> Subject: Re: Using cxf with X509v3 certificates
>
> From your earlier email you're using WS-SecurityPolicy in your WSDL, so you
> shouldn't be using the WSS4J Out/In interceptors--that's strictly for
> non-WS-SecPol use.
>
> Glen
>
> On 08/28/2012 03:28 PM, Nícolas Fontenele wrote:
> > I'm also adding my code here.
> > Thanks!!
> >
> > import java.net.MalformedURLException;
> > import java.util.HashMap;
> > import java.util.Map;
> >
> > import javax.xml.ws.BindingProvider;
> >
> > import org.apache.cxf.frontend.ClientProxy;
> > import org.apache.cxf.ws.security.tokenstore.SecurityToken;
> > import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
> > import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
> > import org.apache.ws.security.handler.WSHandlerConstants;
> >
> > public class Client {
> >
> >     private static final String WSU_NS =
> >         "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> >
> >     public static void main(String[] args) {
> >
> >         try {
> >             // 02c6b75f-5fc8-4c05-a79f-78fa1ded10e1
> >             WSS4JOutInterceptor wssOut = createOutProperties();
> >             WSS4JInInterceptor wssIn = createInProperties();
> >
> >             SecGtwService service = new SecGtwService(new java.net.URL(
> >                 "http://nrio083fcom.develop.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?wsdl"));
> >             ISecGtwServiceContract port = service.getCertificateEndPoint();
> >
> >             // Attach the WSS4J interceptors by hand to the generated client proxy.
> >             org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
> >             client.getInInterceptors().add(wssIn);
> >             client.getOutInterceptors().add(wssOut);
> >
> >             // Request-context property CXF asked for while debugging; the token is empty.
> >             Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
> >             ctx.put("ws-security.token", new SecurityToken());
> >
> >             System.out.println(port.whoIAm());
> >
> >         } catch (MalformedURLException e) {
> >             e.printStackTrace();
> >         }
> >     }
> >
> >     // Inbound WSS4J handler: which actions to verify and where the keys come from.
> >     private static WSS4JInInterceptor createInProperties() {
> >         Map<String, Object> inProps = new HashMap<String, Object>();
> >         inProps.put(WSHandlerConstants.ACTION, "UsernameToken Timestamp Signature Encrypt");
> >         inProps.put("passwordType", "PasswordText");
> >         inProps.put("passwordCallbackClass", ClientPasswordCallback.class.getName());
> >         inProps.put("decryptionPropFile", "etc/client_enc.properties");
> >         inProps.put("encryptionKeyIdentifier", "IssuerSerial");
> >
> >         inProps.put("signaturePropFile", "etc/client_sign.properties");
> >         inProps.put("signatureKeyIdentifier", "DirectReference");
> >
> >         return new WSS4JInInterceptor(inProps);
> >     }
> >
> >     // Outbound WSS4J handler: username token, timestamp, signature and encryption.
> >     private static WSS4JOutInterceptor createOutProperties() {
> >         Map<String, Object> outProps = new HashMap<String, Object>();
> >         outProps.put(WSHandlerConstants.ACTION, "UsernameToken Timestamp Signature Encrypt");
> >         outProps.put("passwordType", "PasswordDigest");
> >
> >         outProps.put(WSHandlerConstants.USER, "02c6b75f-5fc8-4c05-a79f-78fa1ded10e1");
> >         outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordCallback.class.getName());
> >
> >         outProps.put("encryptionUser", "pub");
> >         outProps.put(WSHandlerConstants.ENC_PROP_FILE, "etc/client_enc.properties");
> >
> >         outProps.put("encryptionKeyIdentifier", "IssuerSerial");
> >         outProps.put("encryptionParts", "{Element}{" + WSU_NS + "}Timestamp;"
> >             + "{Content}{http://www.w3.org/2003/05/soap-envelope}Body");
> >
> >         outProps.put(WSHandlerConstants.SIG_PROP_FILE, "etc/client_sign.properties");
> >
> >         outProps.put("signatureKeyIdentifier", "DirectReference");
> >         outProps.put("signatureParts", "{Element}{" + WSU_NS + "}Timestamp;"
> >             + "{Element}{http://www.w3.org/2003/05/soap-envelope}Body");
> >
> >         return new WSS4JOutInterceptor(outProps);
> >     }
> > }
> >
> > -----Original Message-----
> > From: Nícolas Fontenele [mailto:nfrota@cpqi.com]
> > Sent: Tuesday, 28 August 2012 15:11
> > To: users@cxf.apache.org; coheigea@apache.org
> > Subject: RE: Using cxf with X509v3 certificates
> >
> > Thanks for the answer, I'll paste the WSDL here.
> > What I have been trying is to use WSS4J interceptors, as I can see in some
> > examples.
> > I imported both certificates into my keystore and I can see, debugging,
> > that the password handler gets the keys from it.
> > My problem right now is that CXF is expecting an initial token (of a
> > class SecurityToken) on the request context property
> > ''ws-security.token''. I saw it debugging.
> > Is it correct to use this property?
> > I saw in WS-Security samples that they only set properties on the
> > interceptors and not in the request context of the client.
> > And if this behavior is correct, how can I create this token? Should
> > I use another property?
> >
> > The WSDL is below, any idea?
> > Thanks!
> >
> > <?xml version="1.0" encoding="utf-8"?> <wsdl:definitions
> > xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
> > xmlns:wsa10="http://www.w3.org/2005/08/addressing"
> > xmlns:tns="http://tempuri.org/"
> > xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract"
> > xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
> > xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> > xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
> > xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> > xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
> > xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> > name="SecGtwService" targetNamespace="http://tempuri.org/"
> > xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
> > <wsp:Policy wsu:Id="CertificateEndPoint_policy">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SymmetricBinding
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <wsp:Policy>
> > <sp:ProtectionToken>
> > <wsp:Policy>
> > <sp:SecureConversationToken
> > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> > <wsp:Policy>
> > <sp:RequireDerivedKeys />
> > <sp:BootstrapPolicy>
> > <wsp:Policy>
> > <sp:SignedParts>
> > <sp:Body />
> > <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > </sp:SignedParts>
> > <sp:EncryptedParts>
> > <sp:Body />
> > </sp:EncryptedParts>
> > <sp:SymmetricBinding>
> > <wsp:Policy>
> > <sp:ProtectionToken>
> > <wsp:Policy>
> > <mssp:SslContextToken
> > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
> > xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy">
> > <wsp:Policy>
> > <sp:RequireDerivedKeys />
> > <mssp:RequireClientCertificate />
> > </wsp:Policy>
> > </mssp:SslContextToken>
> > </wsp:Policy>
> > </sp:ProtectionToken>
> > <sp:AlgorithmSuite>
> > <wsp:Policy>
> > <sp:Basic256 />
> > </wsp:Policy>
> > </sp:AlgorithmSuite>
> > <sp:Layout>
> > <wsp:Policy>
> > <sp:Strict />
> > </wsp:Policy>
> > </sp:Layout>
> > <sp:IncludeTimestamp />
> > <sp:EncryptSignature />
> > <sp:OnlySignEntireHeadersAndBody />
> > </wsp:Policy>
> > </sp:SymmetricBinding>
> > <sp:Wss11>
> > <wsp:Policy />
> > </sp:Wss11>
> > <sp:Trust10>
> > <wsp:Policy>
> > <sp:MustSupportIssuedTokens />
> > <sp:RequireClientEntropy />
> > <sp:RequireServerEntropy />
> > </wsp:Policy>
> > </sp:Trust10>
> > </wsp:Policy>
> > </sp:BootstrapPolicy>
> > </wsp:Policy>
> > </sp:SecureConversationToken>
> > </wsp:Policy>
> > </sp:ProtectionToken>
> > <sp:AlgorithmSuite>
> > <wsp:Policy>
> > <sp:Basic256 />
> > </wsp:Policy>
> > </sp:AlgorithmSuite>
> > <sp:Layout>
> > <wsp:Policy>
> > <sp:Strict />
> > </wsp:Policy>
> > </sp:Layout>
> > <sp:IncludeTimestamp />
> > <sp:EncryptSignature />
> > <sp:OnlySignEntireHeadersAndBody />
> > </wsp:Policy>
> > </sp:SymmetricBinding>
> > <sp:Wss11
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <wsp:Policy />
> > </sp:Wss11>
> > <sp:Trust10
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <wsp:Policy>
> > <sp:MustSupportIssuedTokens />
> > <sp:RequireClientEntropy />
> > <sp:RequireServerEntropy />
> > </wsp:Policy>
> > </sp:Trust10>
> > <wsaw:UsingAddressing />
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <wsp:Policy
> > wsu:Id="CertificateEndPoint_AuthenticateService_Input_policy">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > </sp:SignedParts>
> > <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > </sp:EncryptedParts>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <wsp:Policy
> > wsu:Id="CertificateEndPoint_AuthenticateService_output_policy">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > </sp:SignedParts>
> > <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > </sp:EncryptedParts>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <wsp:Policy
> > wsu:Id="CertificateEndPoint_ValidadeTokenService_Input_policy">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > </sp:SignedParts>
> > <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > </sp:EncryptedParts>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <wsp:Policy
> > wsu:Id="CertificateEndPoint_ValidadeTokenService_output_policy">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > </sp:SignedParts>
> > <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > </sp:EncryptedParts>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_Input_policy">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > </sp:SignedParts>
> > <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > </sp:EncryptedParts>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_output_policy">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > </sp:SignedParts>
> > <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > </sp:EncryptedParts>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <wsdl:types>
> > <xsd:schema targetNamespace="http://tempuri.org/Imports">
> > <xsd:import
> > schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd0"
> > namespace="http://tempuri.org/" />
> > <xsd:import
> > schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd1"
> > namespace="http://schemas.microsoft.com/2003/10/Serialization/" />
> > <xsd:import
> > schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd2"
> > namespace="http://schemas.datacontract.org/2004/07/Pactual.SecureGateway.Services.Contracts" />
> > </xsd:schema>
> > </wsdl:types>
> > <wsdl:message
> > name="ISecGtwServiceContract_AuthenticateService_InputMessage">
> > <wsdl:part name="parameters" element="tns:AuthenticateService" />
> > </wsdl:message>
> > <wsdl:message
> > name="ISecGtwServiceContract_AuthenticateService_OutputMessage">
> > <wsdl:part name="parameters"
> element="tns:AuthenticateServiceResponse"
> > />
> > </wsdl:message>
> > <wsdl:message
> > name="ISecGtwServiceContract_ValidadeTokenService_InputMessage">
> > <wsdl:part name="parameters" element="tns:ValidadeTokenService" />
> > </wsdl:message>
> > <wsdl:message
> > name="ISecGtwServiceContract_ValidadeTokenService_OutputMessage">
> > <wsdl:part name="parameters"
> element="tns:ValidadeTokenServiceResponse"
> > />
> > </wsdl:message>
> > <wsdl:message name="ISecGtwServiceContract_WhoIAm_InputMessage">
> > <wsdl:part name="parameters" element="tns:WhoIAm" />
> > </wsdl:message>
> > <wsdl:message name="ISecGtwServiceContract_WhoIAm_OutputMessage">
> > <wsdl:part name="parameters" element="tns:WhoIAmResponse" />
> > </wsdl:message>
> > <wsdl:portType name="ISecGtwServiceContract">
> > <wsdl:operation name="AuthenticateService">
> > <wsdl:input
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
> > message="tns:ISecGtwServiceContract_AuthenticateService_InputMessage" />
> > <wsdl:output
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateServiceResponse"
> > message="tns:ISecGtwServiceContract_AuthenticateService_OutputMessage" />
> > </wsdl:operation>
> > <wsdl:operation name="ValidadeTokenService">
> > <wsdl:input
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
> > message="tns:ISecGtwServiceContract_ValidadeTokenService_InputMessage" />
> > <wsdl:output
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenServiceResponse"
> > message="tns:ISecGtwServiceContract_ValidadeTokenService_OutputMessage" />
> > </wsdl:operation>
> > <wsdl:operation name="WhoIAm">
> > <wsdl:input
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
> > message="tns:ISecGtwServiceContract_WhoIAm_InputMessage" />
> > <wsdl:output
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAmResponse"
> > message="tns:ISecGtwServiceContract_WhoIAm_OutputMessage" />
> > </wsdl:operation>
> > </wsdl:portType>
> > <wsdl:binding name="CertificateEndPoint"
> > type="tns:ISecGtwServiceContract">
> > <wsp:PolicyReference URI="#CertificateEndPoint_policy" />
> > <soap12:binding transport="http://schemas.xmlsoap.org/soap/http" />
> > <wsdl:operation name="AuthenticateService">
> > <soap12:operation
> > soapAction="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
> > style="document" />
> > <wsdl:input>
> > <wsp:PolicyReference
> > URI="#CertificateEndPoint_AuthenticateService_Input_policy" />
> > <soap12:body use="literal" />
> > </wsdl:input>
> > <wsdl:output>
> > <wsp:PolicyReference
> > URI="#CertificateEndPoint_AuthenticateService_output_policy" />
> > <soap12:body use="literal" />
> > </wsdl:output>
> > </wsdl:operation>
> > <wsdl:operation name="ValidadeTokenService">
> > <soap12:operation
> > soapAction="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
> > style="document" />
> > <wsdl:input>
> > <wsp:PolicyReference
> > URI="#CertificateEndPoint_ValidadeTokenService_Input_policy" />
> > <soap12:body use="literal" />
> > </wsdl:input>
> > <wsdl:output>
> > <wsp:PolicyReference
> > URI="#CertificateEndPoint_ValidadeTokenService_output_policy" />
> > <soap12:body use="literal" />
> > </wsdl:output>
> > </wsdl:operation>
> > <wsdl:operation name="WhoIAm">
> > <soap12:operation
> > soapAction="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
> > style="document" />
> > <wsdl:input>
> > <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_Input_policy" />
> > <soap12:body use="literal" />
> > </wsdl:input>
> > <wsdl:output>
> > <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_output_policy" />
> > <soap12:body use="literal" />
> > </wsdl:output>
> > </wsdl:operation>
> > </wsdl:binding>
> > <wsdl:service name="SecGtwService">
> > <wsdl:port name="CertificateEndPoint" binding="tns:CertificateEndPoint">
> > <soap12:address
> > location="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc" />
> > <wsa10:EndpointReference>
> > <wsa10:Address>http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc</wsa10:Address>
>
> > <Identity
> > xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
> > <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> > <X509Data>
> >
> > <X509Certificate>MIIBxTCCAXOgAwIBAgIQoF4m3EAEm4RCITdLvQ/MxTAJBgUrDgMCH
> > QUAMBY
> > xFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTEyMDcxODAwMjQzN1oXDTM5MTIzMTIzNTk1O
> > VowKDE
> > mMCQGA1UEAxMdUGFjdHVhbC5TZWN1cmVHYXRld2F5LlNlcnZpY2UwgZ8wDQYJKoZIhvcNA
> > QEBBQA
> > DgY0AMIGJAoGBAN7Bng23dMbhRgzQ3KuD1uox0MriWjJON3DL1tQsHqGqjE9ZiTeVnijDE
> > Wxre93
> > 8+/sELJ+Ru3mdoQae+ICfn3guBEwg80MBqeQlpNmWMssaKVWJAK5ur2YCo3UNoju2d+ZEg
>
> > 8+D0
> > 8+73tQ
> > 4MLp68a3TfUEKrzrBbXZQbFak8opoyCPhAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0GH
> > R1PAI1
> > hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DAJB
> > gUrDgM
> > CHQUAA0EAVL4d3PW6GhtrfEyYBghg5SIzwrsaKUvOsudIEPuOH8xWPbkgyFszcxKJpOj2d
> > xawvNv srBo8D62D9xUTMexQHw==</X509Certificate>
>
> > </X509Data>
> > </KeyInfo>
> > </Identity>
> > </wsa10:EndpointReference>
> > </wsdl:port>
> > </wsdl:service>
> > </wsdl:definitions>
> >
> >
> > -----Original Message-----
> > From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> > Sent: Tuesday, August 28, 2012 14:45
> > To: users@cxf.apache.org
> > Subject: Re: Using cxf with X509v3 certificates
> >
> > Yes, CXF supports this configuration. Your WSDL did not make it
> > through though so I can't tell what the problem is. Try just copying
> > and pasting the security binding directly into an email?
> >
> > Colm.
> >
> > On Tue, Aug 28, 2012 at 6:20 PM, Nícolas Fontenele <nf...@cpqi.com> wrote:
> >
> >> Hi all,
> >>
> >> I'm developing a client service to consume a .net service with
> >> x509v3 certificate using ws-security.
> >>
> >> The Service uses symmetric binding, with
> >> includeToken="prefix/AlwaysToRecipient" and a
> >> <sp:ProtectionToken>.
> >>
> >> I have two certificates, a *.pfx file and *.cer which I have to use
> >> to access.
> >>
> >> My wsdl is attached.
> >>
> >> My question is: does CXF support this configuration?
> >>
> >> Best Regards,
> >>
> >> Nícolas Fontenele
> >>
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
RE: Using cxf with X509v3 certificates
Posted by Nícolas Fontenele <nf...@cpqi.com>.
Thanks Colm.
I tried to mix them to see whether I can get some feedback from the service. It's
a .NET service and I have only a .pfx file and a .cer certificate.
Most examples I saw have a CXF service and client; what I wanted to know
initially is whether it is possible to communicate with this service with all the
assertions shown in the WSDL.
When I tried to access it I got "no signature token", and debugging CXF I saw
that I need to set the property ws-security.token.
This property expects a SecurityToken object, which I don't know how to
create or get.
If you recognize this behavior please tell me; it would be a great help.
Regards,
Nícolas Fontenele
From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
Sent: Monday, September 3, 2012 09:57
To: Nicolas Frota
Cc: users@cxf.apache.org
Subject: Re: Using cxf with X509v3 certificates
As Glen said, you are mixing two different types of configuration. For the
WS-SecurityPolicy case you do not need to add any interceptors, as the
policy-based interceptors are added automatically when the WSDL contains
WS-SecurityPolicy expressions. See the WS-Security example system tests for
some configuration examples:
https://svn.apache.org/repos/asf/cxf/trunk/systests/ws-security-examples/
Colm.
On Wed, Aug 29, 2012 at 9:19 PM, Nícolas Fontenele <nf...@cpqi.com> wrote:
Thanks Glen. Do you know of some examples of WS-SecPol only?
What I did is set some properties in the request context that I saw in the
documentation http://cxf.apache.org/docs/ws-securitypolicy.html .
Funny thing is that CXF asks for this property below:
Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
ctx.put("ws-security.token", new SecurityToken());
which isn't written in the documentation. Do you have any idea which token
I should put there?
Best Regards,
Nícolas Fontenele
-----Original Message-----
From: Glen Mazza [mailto:gmazza@talend.com]
Sent: Tuesday, August 28, 2012 16:43
To: users@cxf.apache.org
Subject: Re: Using cxf with X509v3 certificates
From your earlier email you're using WS-SecurityPolicy in your WSDL, so you
shouldn't be using the WSS4J Out/In interceptors--that's strictly for
non-WS-SecPol use.
Glen
On 08/28/2012 03:28 PM, Nícolas Fontenele wrote:
> I'm also adding my code here.
> Thanks!!
>
> import java.net.MalformedURLException;
> import java.util.HashMap;
> import java.util.Map;
>
> import javax.xml.ws.BindingProvider;
>
> import org.apache.cxf.frontend.ClientProxy;
> import org.apache.cxf.ws.security.tokenstore.SecurityToken;
> import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
> import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
> import org.apache.ws.security.handler.WSHandlerConstants;
>
> public class Client {
>
>     private static final String WSU_NS =
>         "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>     private static final String SOAP12_NS = "http://www.w3.org/2003/05/soap-envelope";
>
>     public static void main(String args[]) {
>
>         try {
>             // 02c6b75f-5fc8-4c05-a79f-78fa1ded10e1
>             // Hand-configured WSS4J interceptors
>             WSS4JOutInterceptor wssOut = createOutProperties();
>             WSS4JInInterceptor wssIn = createInProperties();
>
>             SecGtwService service = new SecGtwService(new java.net.URL(
>                 "http://nrio083fcom.develop.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?wsdl"));
>             ISecGtwServiceContract port = service.getCertificateEndPoint();
>
>             org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
>             client.getInInterceptors().add(wssIn);
>             client.getOutInterceptors().add(wssOut);
>
>             // Empty token, added because CXF asked for the "ws-security.token" property
>             Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
>             ctx.put("ws-security.token", new SecurityToken());
>             System.out.println(port.whoIAm());
>
>         } catch (MalformedURLException e) {
>             e.printStackTrace();
>         }
>     }
>
>     // Inbound: verify the signature on the response and decrypt it
>     private static WSS4JInInterceptor createInProperties() {
>         Map<String, Object> inProps = new HashMap<String, Object>();
>         inProps.put(WSHandlerConstants.ACTION, "UsernameToken Timestamp Signature Encrypt");
>         inProps.put("passwordType", "PasswordText");
>         inProps.put("passwordCallbackClass", ClientPasswordCallback.class.getName());
>         inProps.put("decryptionPropFile", "etc/client_enc.properties");
>         inProps.put("encryptionKeyIdentifier", "IssuerSerial");
>         inProps.put("signaturePropFile", "etc/client_sign.properties");
>         inProps.put("signatureKeyIdentifier", "DirectReference");
>         return new WSS4JInInterceptor(inProps);
>     }
>
>     // Outbound: UsernameToken and Timestamp, then sign and encrypt Timestamp and Body
>     private static WSS4JOutInterceptor createOutProperties() {
>         Map<String, Object> outProps = new HashMap<String, Object>();
>         outProps.put(WSHandlerConstants.ACTION, "UsernameToken Timestamp Signature Encrypt");
>         outProps.put("passwordType", "PasswordDigest");
>         outProps.put(WSHandlerConstants.USER, "02c6b75f-5fc8-4c05-a79f-78fa1ded10e1");
>         outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordCallback.class.getName());
>
>         outProps.put("encryptionUser", "pub");
>         outProps.put(WSHandlerConstants.ENC_PROP_FILE, "etc/client_enc.properties");
>         outProps.put("encryptionKeyIdentifier", "IssuerSerial");
>         outProps.put("encryptionParts",
>             "{Element}{" + WSU_NS + "}Timestamp;" + "{Content}{" + SOAP12_NS + "}Body");
>
>         outProps.put(WSHandlerConstants.SIG_PROP_FILE, "etc/client_sign.properties");
>         outProps.put("signatureKeyIdentifier", "DirectReference");
>         outProps.put("signatureParts",
>             "{Element}{" + WSU_NS + "}Timestamp;" + "{Element}{" + SOAP12_NS + "}Body");
>
>         return new WSS4JOutInterceptor(outProps);
>     }
> }
>
> -----Original Message-----
> From: Nícolas Fontenele [mailto:nfrota@cpqi.com]
> Sent: Tuesday, August 28, 2012 15:11
> To: users@cxf.apache.org; coheigea@apache.org
> Subject: RE: Using cxf with X509v3 certificates
>
> Thanks for the answer, I'll paste the WSDL here.
> What I have been trying is to use the WSS4J interceptors as I can see in some
> examples.
> I imported both certificates into my keystore and I can see, debugging,
> that the password handler gets the keys from there.
> My problem right now is that CXF is expecting an initial token (of the
> class SecurityToken) in the request context property
> "ws-security.token". I saw it while debugging.
> Is it correct to use this property?
> I saw in the WS-Security samples that they only set properties on the
> interceptors and not in the request context of the client.
> And if this behavior is correct, how can I create this token? Should
> I use another property?
>
> The WSDL is below, any idea?
> Thanks!
>
> <?xml version="1.0" encoding="utf-8"?> <wsdl:definitions
> xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
> xmlns:wsa10="http://www.w3.org/2005/08/addressing"
> xmlns:tns="http://tempuri.org/"
> xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract"
> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
> xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
> xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
> xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> name="SecGtwService" targetNamespace="http://tempuri.org/"
> xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
> <wsp:Policy wsu:Id="CertificateEndPoint_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:ProtectionToken>
> <wsp:Policy>
> <sp:SecureConversationToken
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:RequireDerivedKeys />
> <sp:BootstrapPolicy>
> <wsp:Policy>
> <sp:SignedParts>
> <sp:Body />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <sp:EncryptedParts>
> <sp:Body />
> </sp:EncryptedParts>
> <sp:SymmetricBinding>
> <wsp:Policy>
> <sp:ProtectionToken>
> <wsp:Policy>
> <mssp:SslContextToken
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
> xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:RequireDerivedKeys />
> <mssp:RequireClientCertificate />
> </wsp:Policy>
> </mssp:SslContextToken>
> </wsp:Policy>
> </sp:ProtectionToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic256 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:EncryptSignature />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:SymmetricBinding>
> <sp:Wss11>
> <wsp:Policy />
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> </wsp:Policy>
> </sp:BootstrapPolicy>
> </wsp:Policy>
> </sp:SecureConversationToken>
> </wsp:Policy>
> </sp:ProtectionToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic256 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:EncryptSignature />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:SymmetricBinding>
> <sp:Wss11
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy />
> </sp:Wss11>
> <sp:Trust10
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <wsaw:UsingAddressing />
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsp:Policy wsu:Id="CertificateEndPoint_AuthenticateService_Input_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsp:Policy
> wsu:Id="CertificateEndPoint_AuthenticateService_output_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsp:Policy
> wsu:Id="CertificateEndPoint_ValidadeTokenService_Input_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsp:Policy
> wsu:Id="CertificateEndPoint_ValidadeTokenService_output_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_Input_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_output_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsdl:types>
> <xsd:schema targetNamespace="http://tempuri.org/Imports">
> <xsd:import
> schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd0"
> namespace="http://tempuri.org/" />
> <xsd:import
> schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd1"
> namespace="http://schemas.microsoft.com/2003/10/Serialization/" />
> <xsd:import
> schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd2"
> namespace="http://schemas.datacontract.org/2004/07/Pactual.SecureGateway.Services.Contracts" />
> </xsd:schema>
> </wsdl:types>
> <wsdl:message
> name="ISecGtwServiceContract_AuthenticateService_InputMessage">
> <wsdl:part name="parameters" element="tns:AuthenticateService" />
> </wsdl:message>
> <wsdl:message
> name="ISecGtwServiceContract_AuthenticateService_OutputMessage">
> <wsdl:part name="parameters"
element="tns:AuthenticateServiceResponse"
> />
> </wsdl:message>
> <wsdl:message
> name="ISecGtwServiceContract_ValidadeTokenService_InputMessage">
> <wsdl:part name="parameters" element="tns:ValidadeTokenService" />
> </wsdl:message>
> <wsdl:message
> name="ISecGtwServiceContract_ValidadeTokenService_OutputMessage">
> <wsdl:part name="parameters"
element="tns:ValidadeTokenServiceResponse"
> />
> </wsdl:message>
> <wsdl:message name="ISecGtwServiceContract_WhoIAm_InputMessage">
> <wsdl:part name="parameters" element="tns:WhoIAm" />
> </wsdl:message>
> <wsdl:message name="ISecGtwServiceContract_WhoIAm_OutputMessage">
> <wsdl:part name="parameters" element="tns:WhoIAmResponse" />
> </wsdl:message>
> <wsdl:portType name="ISecGtwServiceContract">
> <wsdl:operation name="AuthenticateService">
> <wsdl:input
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
> message="tns:ISecGtwServiceContract_AuthenticateService_InputMessage" />
> <wsdl:output
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateServiceResponse"
> message="tns:ISecGtwServiceContract_AuthenticateService_OutputMessage" />
> </wsdl:operation>
> <wsdl:operation name="ValidadeTokenService">
> <wsdl:input
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
> message="tns:ISecGtwServiceContract_ValidadeTokenService_InputMessage" />
> <wsdl:output
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenServiceResponse"
> message="tns:ISecGtwServiceContract_ValidadeTokenService_OutputMessage" />
> </wsdl:operation>
> <wsdl:operation name="WhoIAm">
> <wsdl:input
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
> message="tns:ISecGtwServiceContract_WhoIAm_InputMessage" />
> <wsdl:output
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAmResponse"
> message="tns:ISecGtwServiceContract_WhoIAm_OutputMessage" />
> </wsdl:operation>
> </wsdl:portType>
> <wsdl:binding name="CertificateEndPoint"
> type="tns:ISecGtwServiceContract">
> <wsp:PolicyReference URI="#CertificateEndPoint_policy" />
> <soap12:binding transport="http://schemas.xmlsoap.org/soap/http" />
> <wsdl:operation name="AuthenticateService">
> <soap12:operation
> soapAction="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
> style="document" />
> <wsdl:input>
> <wsp:PolicyReference
> URI="#CertificateEndPoint_AuthenticateService_Input_policy" />
> <soap12:body use="literal" />
> </wsdl:input>
> <wsdl:output>
> <wsp:PolicyReference
> URI="#CertificateEndPoint_AuthenticateService_output_policy" />
> <soap12:body use="literal" />
> </wsdl:output>
> </wsdl:operation>
> <wsdl:operation name="ValidadeTokenService">
> <soap12:operation
> soapAction="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
> style="document" />
> <wsdl:input>
> <wsp:PolicyReference
> URI="#CertificateEndPoint_ValidadeTokenService_Input_policy" />
> <soap12:body use="literal" />
> </wsdl:input>
> <wsdl:output>
> <wsp:PolicyReference
> URI="#CertificateEndPoint_ValidadeTokenService_output_policy" />
> <soap12:body use="literal" />
> </wsdl:output>
> </wsdl:operation>
> <wsdl:operation name="WhoIAm">
> <soap12:operation
> soapAction="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
> style="document" />
> <wsdl:input>
> <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_Input_policy" />
> <soap12:body use="literal" />
> </wsdl:input>
> <wsdl:output>
> <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_output_policy" />
> <soap12:body use="literal" />
> </wsdl:output>
> </wsdl:operation>
> </wsdl:binding>
> <wsdl:service name="SecGtwService">
> <wsdl:port name="CertificateEndPoint" binding="tns:CertificateEndPoint">
> <soap12:address
> location="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc" />
> <wsa10:EndpointReference>
> <wsa10:Address>http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc</wsa10:Address>
> <Identity
> xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> <X509Data>
>
> <X509Certificate>MIIBxTCCAXOgAwIBAgIQoF4m3EAEm4RCITdLvQ/MxTAJBgUrDgMCH
> QUAMBY
> xFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTEyMDcxODAwMjQzN1oXDTM5MTIzMTIzNTk1O
> VowKDE
> mMCQGA1UEAxMdUGFjdHVhbC5TZWN1cmVHYXRld2F5LlNlcnZpY2UwgZ8wDQYJKoZIhvcNA
> QEBBQA
> DgY0AMIGJAoGBAN7Bng23dMbhRgzQ3KuD1uox0MriWjJON3DL1tQsHqGqjE9ZiTeVnijDE
> Wxre93
> 8+/sELJ+Ru3mdoQae+ICfn3guBEwg80MBqeQlpNmWMssaKVWJAK5ur2YCo3UNoju2d+ZEg
> 8+D0
> 8+73tQ
> 4MLp68a3TfUEKrzrBbXZQbFak8opoyCPhAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0GH
> R1PAI1
> hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DAJB
> gUrDgM
> CHQUAA0EAVL4d3PW6GhtrfEyYBghg5SIzwrsaKUvOsudIEPuOH8xWPbkgyFszcxKJpOj2d
> xawvNv srBo8D62D9xUTMexQHw==</X509Certificate>
> </X509Data>
> </KeyInfo>
> </Identity>
> </wsa10:EndpointReference>
> </wsdl:port>
> </wsdl:service>
> </wsdl:definitions>
>
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Sent: Tuesday, August 28, 2012 14:45
> To: users@cxf.apache.org
> Subject: Re: Using cxf with X509v3 certificates
>
> Yes, CXF supports this configuration. Your WSDL did not make it
> through though so I can't tell what the problem is. Try just copying
> and pasting the security binding directly into an email?
>
> Colm.
>
> On Tue, Aug 28, 2012 at 6:20 PM, Nícolas Fontenele <nf...@cpqi.com> wrote:
>
>> Hi all,
>>
>> I'm developing a client service to consume a .net service with
>> x509v3 certificate using ws-security.
>>
>> The Service uses symmetric binding, with
>> includeToken="prefix/AlwaysToRecipient" and a
>> <sp:ProtectionToken>.
>>
>> I have two certificates, a *.pfx file and *.cer which I have to use
>> to access.
>>
>> My wsdl is attached.
>>
>> My question is: does CXF support this configuration?
>>
>> Best Regards,
>>
>> Nícolas Fontenele
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
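Colm's advice in the message above, worked through as an added example that is not code from this thread or from the CXF project: build one JKS keystore from the two files Nícolas has (the .pfx holds the client private key and certificate, the .cer is the service certificate), generate the WSS4J Merlin properties for it, and hand the CXF proxy nothing but the ws-security.* crypto properties from http://cxf.apache.org/docs/ws-securitypolicy.html, so the policy engine installs the security interceptors from the WSDL and no WSS4JOutInterceptor, WSS4JInInterceptor or ws-security.token entry is set by hand. The CXF 2.x / WSS4J 1.6 package names, the file paths, passwords, aliases, the local WSDL copy and the generated SecGtwService and ISecGtwServiceContract classes are assumptions. Two checks a practitioner would want are built in. The service certificate is pinned as a trusted entry by itself rather than through its issuer: the certificate embedded in the posted WSDL (CN=Pactual.SecureGateway.Service) is issued by "Root Agency", the makecert.exe test root whose signing key is public, so importing that issuer as a CA would accept any certificate minted with makecert. And the WSDL is read from a reviewed local copy instead of being re-fetched over plain http:// on every run, because the WS-SecurityPolicy inside it is what decides how the client signs and encrypts. Note also that the posted policy bootstraps its SecureConversationToken with mssp:SslContextToken, a Microsoft extension outside the WS-SecurityPolicy specification; the properties below are the standard X.509 configuration, and whether a given CXF version negotiates that bootstrap has to be verified separately.

```java
// Added example, not from the thread or the CXF project. Assumes CXF 2.x with
// WSS4J 1.6 (org.apache.ws.security.* packages), the JAX-WS classes generated
// from the posted WSDL, and the file names, passwords and aliases below.
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Map;
import java.util.Properties;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.ws.BindingProvider;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSPasswordCallback;

public class PolicyClient {

    static final String KEYSTORE_FILE = "etc/client.jks";   // assumption
    static final String KEYSTORE_PASS = "changeit";          // assumption
    static final String CLIENT_ALIAS = "client";             // assumption
    static final String SERVICE_ALIAS = "secgtw-service";    // assumption

    /** Merge the .pfx (PKCS#12: client key + cert) and the .cer (service cert) into one JKS. */
    static KeyStore buildKeyStore(String pfxPath, char[] pfxPass, String cerPath)
            throws GeneralSecurityException, IOException {
        KeyStore pfx = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(pfxPath)) {
            pfx.load(in, pfxPass);
        }
        KeyStore jks = KeyStore.getInstance("JKS");
        jks.load(null, null);
        // Windows exports usually give the key entry an opaque GUID alias; store it
        // under the stable alias that ws-security.signature.username names below.
        for (Enumeration<String> e = pfx.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (pfx.isKeyEntry(alias)) {
                jks.setKeyEntry(CLIENT_ALIAS, pfx.getKey(alias, pfxPass),
                        KEYSTORE_PASS.toCharArray(), pfx.getCertificateChain(alias));
                break;
            }
        }
        // Pin the service's leaf certificate itself. Its issuer in the posted WSDL is
        // "Root Agency", the makecert test root with a public signing key, so that
        // issuer is never imported as a trusted CA.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (FileInputStream in = new FileInputStream(cerPath)) {
            jks.setCertificateEntry(SERVICE_ALIAS, (X509Certificate) cf.generateCertificate(in));
        }
        return jks;
    }

    /** WSS4J Merlin crypto properties; the same object serves signature and encryption. */
    static Properties cryptoProperties() {
        Properties p = new Properties();
        p.setProperty("org.apache.ws.security.crypto.provider",
                "org.apache.ws.security.components.crypto.Merlin");
        p.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
        p.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", KEYSTORE_PASS);
        p.setProperty("org.apache.ws.security.crypto.merlin.keystore.file", KEYSTORE_FILE);
        return p;
    }

    /** Hands WSS4J the private-key password when the policy engine signs or decrypts. */
    public static class KeyPasswordCallback implements CallbackHandler {
        public void handle(Callback[] callbacks) {
            for (Callback cb : callbacks) {
                if (cb instanceof WSPasswordCallback
                        && CLIENT_ALIAS.equals(((WSPasswordCallback) cb).getIdentifier())) {
                    ((WSPasswordCallback) cb).setPassword(KEYSTORE_PASS);
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = buildKeyStore("etc/client.pfx", "pfx-password".toCharArray(), "etc/service.cer");
        try (FileOutputStream out = new FileOutputStream(KEYSTORE_FILE)) {
            ks.store(out, KEYSTORE_PASS.toCharArray());
        }
        // Reviewed local copy of the WSDL: the policy it carries drives the security
        // processing, so it is not re-fetched over plain http on every run.
        SecGtwService service = new SecGtwService(new URL("file:etc/SecGtwService.wsdl"));
        ISecGtwServiceContract port = service.getCertificateEndPoint();

        // No WSS4J interceptors and no ws-security.token: CXF installs the
        // WS-SecurityPolicy interceptors from the WSDL; only crypto config is supplied.
        Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
        Properties crypto = cryptoProperties();
        ctx.put(SecurityConstants.SIGNATURE_PROPERTIES, crypto);
        ctx.put(SecurityConstants.ENCRYPT_PROPERTIES, crypto);
        ctx.put(SecurityConstants.SIGNATURE_USERNAME, CLIENT_ALIAS);
        ctx.put(SecurityConstants.ENCRYPT_USERNAME, SERVICE_ALIAS);
        ctx.put(SecurityConstants.CALLBACK_HANDLER, new KeyPasswordCallback());
        System.out.println(port.whoIAm());
    }
}
```

The signature username selects the client's key entry and the encryption username selects the pinned service certificate, which is the key the symmetric binding wraps its session key for; with a policy-enabled WSDL these properties can equally be set as jaxws:properties in a Spring configuration instead of on the request context.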
Re: Using cxf with X509v3 certificates
Posted by Colm O hEigeartaigh <co...@apache.org>.
As Glen said, you are mixing two different types of configuration. For the
WS-SecurityPolicy case you do not need to add any interceptors, as the
policy-based interceptors are added automatically when the WSDL contains
WS-SecurityPolicy expressions. See the WS-Security example system tests for
some configuration examples:
https://svn.apache.org/repos/asf/cxf/trunk/systests/ws-security-examples/
Colm.
On Wed, Aug 29, 2012 at 9:19 PM, Nícolas Fontenele <nf...@cpqi.com> wrote:
> Thanks Glen. Do you know of some examples of WS-SecPol only?
> What I did is set some properties in the request context that I saw in the
> documentation http://cxf.apache.org/docs/ws-securitypolicy.html .
> Funny thing is that CXF asks for this property below:
>
> Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
>
> ctx.put("ws-security.token", new SecurityToken());
>
> which isn't written in the documentation. Do you have any idea which token
> I should put there?
>
> Best Regards,
>
> Nícolas Fontenele
>
>
> -----Original Message-----
> From: Glen Mazza [mailto:gmazza@talend.com]
> Sent: Tuesday, August 28, 2012 16:43
> To: users@cxf.apache.org
> Subject: Re: Using cxf with X509v3 certificates
>
> From your earlier email you're using WS-SecurityPolicy in your WSDL, so
> you
> shouldn't be using the WSS4J Out/In interceptors--that's strictly for
> non-WS-SecPol use.
>
> Glen
>
> On 08/28/2012 03:28 PM, Nícolas Fontenele wrote:
> > I'm also adding my code here.
> > Thanks!!
> >
> > import java.net.MalformedURLException;
> > import java.util.HashMap;
> > import java.util.Map;
> >
> > import javax.xml.ws.BindingProvider;
> >
> > import org.apache.cxf.frontend.ClientProxy;
> > import org.apache.cxf.ws.security.tokenstore.SecurityToken;
> > import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
> > import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
> > import org.apache.ws.security.handler.WSHandlerConstants;
> >
> > public class Client {
> >
> >     private static final String WSU_NS =
> >         "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
> >
> >     public static void main(String args[]) {
> >
> >         try {
> >             // 02c6b75f-5fc8-4c05-a79f-78fa1ded10e1
> >             WSS4JOutInterceptor wssOut = createOutProperties();
> >             WSS4JInInterceptor wssIn = createInProperties();
> >
> >             SecGtwService service = new SecGtwService(new java.net.URL(
> >                 "http://nrio083fcom.develop.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?wsdl"));
> >             ISecGtwServiceContract port = service.getCertificateEndPoint();
> >
> >             org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
> >
> >             // WSS4J (non-policy) interceptors added by hand
> >             client.getInInterceptors().add(wssIn);
> >             client.getOutInterceptors().add(wssOut);
> >
> >             Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
> >
> >             // empty token placed under the property CXF asked for
> >             ctx.put("ws-security.token", new SecurityToken());
> >             System.out.println(port.whoIAm());
> >
> >         } catch (MalformedURLException e) {
> >             // TODO Auto-generated catch block
> >             e.printStackTrace();
> >         }
> >
> >     }
> >
> >     private static WSS4JInInterceptor createInProperties() {
> >         Map<String, Object> inProps = new HashMap<String, Object>();
> >         inProps.put(WSHandlerConstants.ACTION,
> >             "UsernameToken Timestamp Signature Encrypt");
> >         inProps.put("passwordType", "PasswordText");
> >         inProps.put("passwordCallbackClass",
> >             ClientPasswordCallback.class.getName());
> >         inProps.put("decryptionPropFile", "etc/client_enc.properties");
> >         inProps.put("encryptionKeyIdentifier", "IssuerSerial");
> >
> >         inProps.put("signaturePropFile", "etc/client_sign.properties");
> >         inProps.put("signatureKeyIdentifier", "DirectReference");
> >
> >         return new WSS4JInInterceptor(inProps);
> >
> >     }
> >
> >     private static WSS4JOutInterceptor createOutProperties() {
> >         Map<String, Object> outProps = new HashMap<String, Object>();
> >         outProps.put(WSHandlerConstants.ACTION,
> >             "UsernameToken Timestamp Signature Encrypt");
> >         outProps.put("passwordType", "PasswordDigest");
> >
> >         outProps.put(WSHandlerConstants.USER,
> >             "02c6b75f-5fc8-4c05-a79f-78fa1ded10e1");
> >         outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
> >             ClientPasswordCallback.class.getName());
> >
> >         outProps.put("encryptionUser", "pub");
> >         outProps.put(WSHandlerConstants.ENC_PROP_FILE,
> >             "etc/client_enc.properties");
> >
> >         outProps.put("encryptionKeyIdentifier", "IssuerSerial");
> >         outProps.put("encryptionParts", "{Element}{" + WSU_NS + "}Timestamp;"
> >             + "{Content}{http://www.w3.org/2003/05/soap-envelope}Body");
> >
> >         outProps.put(WSHandlerConstants.SIG_PROP_FILE,
> >             "etc/client_sign.properties");
> >
> >         outProps.put("signatureKeyIdentifier", "DirectReference");
> >         outProps.put("signatureParts", "{Element}{" + WSU_NS + "}Timestamp;"
> >             + "{Element}{http://www.w3.org/2003/05/soap-envelope}Body");
> >
> >         return new WSS4JOutInterceptor(outProps);
> >
> >     }
> > }
> >
> > -----Original Message-----
> > From: Nícolas Fontenele [mailto:nfrota@cpqi.com]
> > Sent: Tuesday, 28 August 2012 15:11
> > To: users@cxf.apache.org; coheigea@apache.org
> > Subject: RE: Using cxf with X509v3 certificates
> >
> > Thanks for the answer, I'll paste the WSDL here.
> > What I have been trying is to use the WSS4J interceptors as I can see in
> > some examples.
> > I imported both certificates into my keystore and I can see, debugging,
> > that the password handler gets the keys from it.
> > My problem right now is that CXF is expecting an initial token (of
> > class SecurityToken) on the request context property
> > ''ws-security.token''. I saw it debugging.
> > Is it correct to use this property?
> > I saw in the WS-Security samples that they only set properties on the
> > interceptors and not in the request context of the client.
> > And if this behavior is correct, how can I create this token? Should
> > I use another property?
> >
> > WSDL is below, any idea?
> > Thanks!
> >
> > <?xml version="1.0" encoding="utf-8"?> <wsdl:definitions
> > xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
> > xmlns:wsa10="http://www.w3.org/2005/08/addressing"
> > xmlns:tns="http://tempuri.org/"
> > xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract"
> > xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
> > xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> > xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
> > xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> > xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
> > xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
> > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> > name="SecGtwService" targetNamespace="http://tempuri.org/"
> > xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
> > <wsp:Policy wsu:Id="CertificateEndPoint_policy">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SymmetricBinding
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <wsp:Policy>
> > <sp:ProtectionToken>
> > <wsp:Policy>
> > <sp:SecureConversationToken
> > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> > <wsp:Policy>
> > <sp:RequireDerivedKeys />
> > <sp:BootstrapPolicy>
> > <wsp:Policy>
> > <sp:SignedParts>
> > <sp:Body />
> > <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > </sp:SignedParts>
> > <sp:EncryptedParts>
> > <sp:Body />
> > </sp:EncryptedParts>
> > <sp:SymmetricBinding>
> > <wsp:Policy>
> > <sp:ProtectionToken>
> > <wsp:Policy>
> > <mssp:SslContextToken
> > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
> > xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy">
> > <wsp:Policy>
> > <sp:RequireDerivedKeys />
> > <mssp:RequireClientCertificate />
> > </wsp:Policy>
> > </mssp:SslContextToken>
> > </wsp:Policy>
> > </sp:ProtectionToken>
> > <sp:AlgorithmSuite>
> > <wsp:Policy>
> > <sp:Basic256 />
> > </wsp:Policy>
> > </sp:AlgorithmSuite>
> > <sp:Layout>
> > <wsp:Policy>
> > <sp:Strict />
> > </wsp:Policy>
> > </sp:Layout>
> > <sp:IncludeTimestamp />
> > <sp:EncryptSignature />
> > <sp:OnlySignEntireHeadersAndBody />
> > </wsp:Policy>
> > </sp:SymmetricBinding>
> > <sp:Wss11>
> > <wsp:Policy />
> > </sp:Wss11>
> > <sp:Trust10>
> > <wsp:Policy>
> > <sp:MustSupportIssuedTokens />
> > <sp:RequireClientEntropy />
> > <sp:RequireServerEntropy />
> > </wsp:Policy>
> > </sp:Trust10>
> > </wsp:Policy>
> > </sp:BootstrapPolicy>
> > </wsp:Policy>
> > </sp:SecureConversationToken>
> > </wsp:Policy>
> > </sp:ProtectionToken>
> > <sp:AlgorithmSuite>
> > <wsp:Policy>
> > <sp:Basic256 />
> > </wsp:Policy>
> > </sp:AlgorithmSuite>
> > <sp:Layout>
> > <wsp:Policy>
> > <sp:Strict />
> > </wsp:Policy>
> > </sp:Layout>
> > <sp:IncludeTimestamp />
> > <sp:EncryptSignature />
> > <sp:OnlySignEntireHeadersAndBody />
> > </wsp:Policy>
> > </sp:SymmetricBinding>
> > <sp:Wss11
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <wsp:Policy />
> > </sp:Wss11>
> > <sp:Trust10
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <wsp:Policy>
> > <sp:MustSupportIssuedTokens />
> > <sp:RequireClientEntropy />
> > <sp:RequireServerEntropy />
> > </wsp:Policy>
> > </sp:Trust10>
> > <wsaw:UsingAddressing />
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <wsp:Policy wsu:Id="CertificateEndPoint_AuthenticateService_Input_policy">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > </sp:SignedParts>
> > <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > </sp:EncryptedParts>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <wsp:Policy
> > wsu:Id="CertificateEndPoint_AuthenticateService_output_policy">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > </sp:SignedParts>
> > <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > </sp:EncryptedParts>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <wsp:Policy
> > wsu:Id="CertificateEndPoint_ValidadeTokenService_Input_policy">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > </sp:SignedParts>
> > <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > </sp:EncryptedParts>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <wsp:Policy
> > wsu:Id="CertificateEndPoint_ValidadeTokenService_output_policy">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > </sp:SignedParts>
> > <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > </sp:EncryptedParts>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_Input_policy">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > </sp:SignedParts>
> > <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > </sp:EncryptedParts>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_output_policy">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SignedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > <sp:Header Name="To"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="From"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="FaultTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="ReplyTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="MessageID"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="RelatesTo"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > <sp:Header Name="Action"
> > Namespace="http://www.w3.org/2005/08/addressing" />
> > </sp:SignedParts>
> > <sp:EncryptedParts
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> > <sp:Body />
> > </sp:EncryptedParts>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <wsdl:types>
> > <xsd:schema targetNamespace="http://tempuri.org/Imports">
> > <xsd:import
> > schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd0"
> > namespace="http://tempuri.org/"
> > />
> > <xsd:import
> > schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd1"
> > namespace="http://schemas.microsoft.com/2003/10/Serialization/" />
> > <xsd:import
> > schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd2"
> > namespace="http://schemas.datacontract.org/2004/07/Pactual.SecureGateway.Services.Contracts" />
> > </xsd:schema>
> > </wsdl:types>
> > <wsdl:message
> > name="ISecGtwServiceContract_AuthenticateService_InputMessage">
> > <wsdl:part name="parameters" element="tns:AuthenticateService" />
> > </wsdl:message>
> > <wsdl:message
> > name="ISecGtwServiceContract_AuthenticateService_OutputMessage">
> > <wsdl:part name="parameters" element="tns:AuthenticateServiceResponse" />
> > </wsdl:message>
> > <wsdl:message
> > name="ISecGtwServiceContract_ValidadeTokenService_InputMessage">
> > <wsdl:part name="parameters" element="tns:ValidadeTokenService" />
> > </wsdl:message>
> > <wsdl:message
> > name="ISecGtwServiceContract_ValidadeTokenService_OutputMessage">
> > <wsdl:part name="parameters" element="tns:ValidadeTokenServiceResponse" />
> > </wsdl:message>
> > <wsdl:message name="ISecGtwServiceContract_WhoIAm_InputMessage">
> > <wsdl:part name="parameters" element="tns:WhoIAm" />
> > </wsdl:message>
> > <wsdl:message name="ISecGtwServiceContract_WhoIAm_OutputMessage">
> > <wsdl:part name="parameters" element="tns:WhoIAmResponse" />
> > </wsdl:message>
> > <wsdl:portType name="ISecGtwServiceContract">
> > <wsdl:operation name="AuthenticateService">
> > <wsdl:input
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
> > message="tns:ISecGtwServiceContract_AuthenticateService_InputMessage" />
> > <wsdl:output
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateServiceResponse"
> > message="tns:ISecGtwServiceContract_AuthenticateService_OutputMessage" />
> > </wsdl:operation>
> > <wsdl:operation name="ValidadeTokenService">
> > <wsdl:input
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
> > message="tns:ISecGtwServiceContract_ValidadeTokenService_InputMessage" />
> > <wsdl:output
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenServiceResponse"
> > message="tns:ISecGtwServiceContract_ValidadeTokenService_OutputMessage" />
> > </wsdl:operation>
> > <wsdl:operation name="WhoIAm">
> > <wsdl:input
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
> > message="tns:ISecGtwServiceContract_WhoIAm_InputMessage" />
> > <wsdl:output
> > wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAmResponse"
> > message="tns:ISecGtwServiceContract_WhoIAm_OutputMessage" />
> > </wsdl:operation>
> > </wsdl:portType>
> > <wsdl:binding name="CertificateEndPoint"
> > type="tns:ISecGtwServiceContract">
> > <wsp:PolicyReference URI="#CertificateEndPoint_policy" />
> > <soap12:binding transport="http://schemas.xmlsoap.org/soap/http" />
> > <wsdl:operation name="AuthenticateService">
> > <soap12:operation
> > soapAction="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
> > style="document" />
> > <wsdl:input>
> > <wsp:PolicyReference
> > URI="#CertificateEndPoint_AuthenticateService_Input_policy" />
> > <soap12:body use="literal" />
> > </wsdl:input>
> > <wsdl:output>
> > <wsp:PolicyReference
> > URI="#CertificateEndPoint_AuthenticateService_output_policy" />
> > <soap12:body use="literal" />
> > </wsdl:output>
> > </wsdl:operation>
> > <wsdl:operation name="ValidadeTokenService">
> > <soap12:operation
> > soapAction="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
> > style="document" />
> > <wsdl:input>
> > <wsp:PolicyReference
> > URI="#CertificateEndPoint_ValidadeTokenService_Input_policy" />
> > <soap12:body use="literal" />
> > </wsdl:input>
> > <wsdl:output>
> > <wsp:PolicyReference
> > URI="#CertificateEndPoint_ValidadeTokenService_output_policy" />
> > <soap12:body use="literal" />
> > </wsdl:output>
> > </wsdl:operation>
> > <wsdl:operation name="WhoIAm">
> > <soap12:operation
> > soapAction="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
> > style="document" />
> > <wsdl:input>
> > <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_Input_policy" />
> > <soap12:body use="literal" />
> > </wsdl:input>
> > <wsdl:output>
> > <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_output_policy" />
> > <soap12:body use="literal" />
> > </wsdl:output>
> > </wsdl:operation>
> > </wsdl:binding>
> > <wsdl:service name="SecGtwService">
> > <wsdl:port name="CertificateEndPoint" binding="tns:CertificateEndPoint">
> > <soap12:address
> > location="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc" />
> > <wsa10:EndpointReference>
> > <wsa10:Address>http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc</wsa10:Address>
> > <Identity
> > xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
> > <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> > <X509Data>
> >
> > <X509Certificate>MIIBxTCCAXOgAwIBAgIQoF4m3EAEm4RCITdLvQ/MxTAJBgUrDgMCH
> > QUAMBY
> > xFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTEyMDcxODAwMjQzN1oXDTM5MTIzMTIzNTk1O
> > VowKDE
> > mMCQGA1UEAxMdUGFjdHVhbC5TZWN1cmVHYXRld2F5LlNlcnZpY2UwgZ8wDQYJKoZIhvcNA
> > QEBBQA
> > DgY0AMIGJAoGBAN7Bng23dMbhRgzQ3KuD1uox0MriWjJON3DL1tQsHqGqjE9ZiTeVnijDE
> > Wxre93
> > 8+/sELJ+Ru3mdoQae+ICfn3guBEwg80MBqeQlpNmWMssaKVWJAK5ur2YCo3UNoju2d+ZEg
> > 8+D0
> > 8+73tQ
> > 4MLp68a3TfUEKrzrBbXZQbFak8opoyCPhAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0GH
> > R1PAI1
> > hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DAJB
> > gUrDgM
> > CHQUAA0EAVL4d3PW6GhtrfEyYBghg5SIzwrsaKUvOsudIEPuOH8xWPbkgyFszcxKJpOj2d
> > xawvNv srBo8D62D9xUTMexQHw==</X509Certificate>
> > </X509Data>
> > </KeyInfo>
> > </Identity>
> > </wsa10:EndpointReference>
> > </wsdl:port>
> > </wsdl:service>
> > </wsdl:definitions>
> >
> >
> > -----Original Message-----
> > From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> > Sent: Tuesday, 28 August 2012 14:45
> > To: users@cxf.apache.org
> > Subject: Re: Using cxf with X509v3 certificates
> >
> > Yes, CXF supports this configuration. Your WSDL did not make it
> > through though so I can't tell what the problem is. Try just copying
> > and pasting the security binding directly into an email?
> >
> > Colm.
> >
> > On Tue, Aug 28, 2012 at 6:20 PM, Nícolas Fontenele <nf...@cpqi.com> wrote:
> >
> >> Hi all,
> >>
> >> I'm developing a client service to consume a .net service with
> >> x509v3 certificate using ws-security.
> >>
> >> The Service uses symmetric binding, with
> >> includeToken="prefix/AlwaysToRecipient" and a
> >> <sp:ProtectionToken>.
> >>
> >> I have two certificates, a *.pfx file and *.cer which I have to use
> >> to access.
> >>
> >> My wsdl is attached.
> >>
> >> My question is: does CXF support this configuration?
> >>
> >> Best Regards,
> >>
> >> Nícolas Fontenele
> >>
> >
> >
> > --
> > Colm O hEigeartaigh
> >
> > Talend Community Coder
> > http://coders.talend.com
> >
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
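For contrast with the interceptor-based client quoted above, here is an added example (not code from the thread or from the CXF project) of the WS-SecurityPolicy style Glen and Colm describe: no WSS4JOutInterceptor/WSS4JInInterceptor, only the "ws-security.*" request-context properties from the linked documentation. SecGtwService, ISecGtwServiceContract, ClientPasswordCallback, the alias "pub" and the two properties file paths are taken from the poster's code; the class name PolicyClient, the WSDL placeholder, the alias "client-key-alias" and the keystore contents described in the comment are assumptions. It shows only the client-side key configuration; whether the rest of this WSDL's policy (the SecureConversationToken bootstrap) is satisfied is outside what it demonstrates.

```java
import java.net.URL;
import java.util.Map;

import javax.xml.ws.BindingProvider;

/*
 * WS-SecurityPolicy client. CXF reads the sp:* assertions from the WSDL and
 * installs the policy-driven WS-Security interceptors itself; the client only
 * supplies key material and passwords through "ws-security.*" properties
 * (see http://cxf.apache.org/docs/ws-securitypolicy.html).
 *
 * Assumed contents of the two WSS4J crypto property files (Merlin provider):
 *
 *   etc/client_sign.properties  -> the *.pfx (PKCS#12) holding the client key
 *     org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
 *     org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
 *     org.apache.ws.security.crypto.merlin.keystore.file=etc/client.pfx
 *     org.apache.ws.security.crypto.merlin.keystore.password=<pfx password>
 *
 *   etc/client_enc.properties   -> a JKS into which the service *.cer was imported
 *     org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
 *     org.apache.ws.security.crypto.merlin.keystore.type=jks
 *     org.apache.ws.security.crypto.merlin.keystore.file=etc/service_trust.jks
 *     org.apache.ws.security.crypto.merlin.keystore.password=<jks password>
 */
public class PolicyClient {

    // Placeholder: the real WSDL URL from the poster's setup goes here.
    private static final String WSDL = "http://SERVICE-HOST/SecGtwServiceHost.svc?wsdl";

    public static void main(String[] args) throws Exception {
        SecGtwService service = new SecGtwService(new URL(WSDL));
        ISecGtwServiceContract port = service.getCertificateEndPoint();

        // Nothing is added to client.getOutInterceptors()/getInInterceptors():
        // the policy engine attaches the WS-Security interceptors for us.
        Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();

        // Supplies the private-key password when CXF signs or decrypts. The
        // class must implement javax.security.auth.callback.CallbackHandler,
        // which the poster's ClientPasswordCallback already does for WSS4J.
        ctx.put("ws-security.callback-handler", new ClientPasswordCallback());

        // Client signing key: keystore from client_sign.properties; the alias
        // under which the *.pfx key is stored is assumed here.
        ctx.put("ws-security.signature.properties", "etc/client_sign.properties");
        ctx.put("ws-security.signature.username", "client-key-alias");

        // Recipient certificate used to encrypt to the service: "pub" is the
        // alias the poster used for the imported *.cer.
        ctx.put("ws-security.encryption.properties", "etc/client_enc.properties");
        ctx.put("ws-security.encryption.username", "pub");

        // No "ws-security.token" entry and no interceptors are set by hand.
        System.out.println(port.whoIAm());
    }
}
```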
RE: Using cxf with X509v3 certificates
Posted by Nícolas Fontenele <nf...@cpqi.com>.
Thanks Glen, do you know some examples of WS-SecPol only?
What I did is set some properties in the request context that I saw in the
documentation http://cxf.apache.org/docs/ws-securitypolicy.html .
Funny thing is that CXF asks for this property below:
Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
ctx.put("ws-security.token", new SecurityToken());
which isn't written in the documentation. Do you have any idea which token
I should put there?
Best Regards,
Nícolas Fontenele
-----Original Message-----
From: Glen Mazza [mailto:gmazza@talend.com]
Sent: Tuesday, 28 August 2012 16:43
To: users@cxf.apache.org
Subject: Re: Using cxf with X509v3 certificates
From your earlier email you're using WS-SecurityPolicy in your WSDL, so you
shouldn't be using the WSS4J Out/In interceptors--that's strictly for
non-WS-SecPol use.
Glen
On 08/28/2012 03:28 PM, Nícolas Fontenele wrote:
> I'm also adding my code here.
> Thanks!!
>
> import java.net.MalformedURLException;
> import java.util.HashMap;
> import java.util.Map;
>
> import javax.xml.ws.BindingProvider;
>
> import org.apache.cxf.frontend.ClientProxy;
> import org.apache.cxf.ws.security.tokenstore.SecurityToken;
> import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
> import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
> import org.apache.ws.security.handler.WSHandlerConstants;
>
> public class Client {
>
>     private static final String WSU_NS =
>         "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>
>     public static void main(String args[]) {
>
>         try {
>             // 02c6b75f-5fc8-4c05-a79f-78fa1ded10e1
>             WSS4JOutInterceptor wssOut = createOutProperties();
>             WSS4JInInterceptor wssIn = createInProperties();
>
>             SecGtwService service = new SecGtwService(new java.net.URL(
>                 "http://nrio083fcom.develop.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?wsdl"));
>             ISecGtwServiceContract port = service.getCertificateEndPoint();
>
>             org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
>
>             // WSS4J (non-policy) interceptors added by hand
>             client.getInInterceptors().add(wssIn);
>             client.getOutInterceptors().add(wssOut);
>
>             Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
>
>             // empty token placed under the property CXF asked for
>             ctx.put("ws-security.token", new SecurityToken());
>             System.out.println(port.whoIAm());
>
>         } catch (MalformedURLException e) {
>             // TODO Auto-generated catch block
>             e.printStackTrace();
>         }
>
>     }
>
>     private static WSS4JInInterceptor createInProperties() {
>         Map<String, Object> inProps = new HashMap<String, Object>();
>         inProps.put(WSHandlerConstants.ACTION,
>             "UsernameToken Timestamp Signature Encrypt");
>         inProps.put("passwordType", "PasswordText");
>         inProps.put("passwordCallbackClass",
>             ClientPasswordCallback.class.getName());
>         inProps.put("decryptionPropFile", "etc/client_enc.properties");
>         inProps.put("encryptionKeyIdentifier", "IssuerSerial");
>
>         inProps.put("signaturePropFile", "etc/client_sign.properties");
>         inProps.put("signatureKeyIdentifier", "DirectReference");
>
>         return new WSS4JInInterceptor(inProps);
>
>     }
>
>     private static WSS4JOutInterceptor createOutProperties() {
>         Map<String, Object> outProps = new HashMap<String, Object>();
>         outProps.put(WSHandlerConstants.ACTION,
>             "UsernameToken Timestamp Signature Encrypt");
>         outProps.put("passwordType", "PasswordDigest");
>
>         outProps.put(WSHandlerConstants.USER,
>             "02c6b75f-5fc8-4c05-a79f-78fa1ded10e1");
>         outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS,
>             ClientPasswordCallback.class.getName());
>
>         outProps.put("encryptionUser", "pub");
>         outProps.put(WSHandlerConstants.ENC_PROP_FILE,
>             "etc/client_enc.properties");
>
>         outProps.put("encryptionKeyIdentifier", "IssuerSerial");
>         outProps.put("encryptionParts", "{Element}{" + WSU_NS + "}Timestamp;"
>             + "{Content}{http://www.w3.org/2003/05/soap-envelope}Body");
>
>         outProps.put(WSHandlerConstants.SIG_PROP_FILE,
>             "etc/client_sign.properties");
>
>         outProps.put("signatureKeyIdentifier", "DirectReference");
>         outProps.put("signatureParts", "{Element}{" + WSU_NS + "}Timestamp;"
>             + "{Element}{http://www.w3.org/2003/05/soap-envelope}Body");
>
>         return new WSS4JOutInterceptor(outProps);
>
>     }
> }
>
> -----Original Message-----
> From: Nícolas Fontenele [mailto:nfrota@cpqi.com]
> Sent: Tuesday, 28 August 2012 15:11
> To: users@cxf.apache.org; coheigea@apache.org
> Subject: RE: Using cxf with X509v3 certificates
>
> Thanks for the answer, I'll paste the WSDL here.
> What I have been trying is to use the WSS4J interceptors as I can see in
> some examples.
> I imported both certificates into my keystore and I can see, debugging,
> that the password handler gets the keys from it.
> My problem right now is that CXF is expecting an initial token (of
> class SecurityToken) on the request context property
> ''ws-security.token''. I saw it debugging.
> Is it correct to use this property?
> I saw in the WS-Security samples that they only set properties on the
> interceptors and not in the request context of the client.
> And if this behavior is correct, how can I create this token? Should
> I use another property?
>
> WSDL is below, any idea?
> Thanks!
>
> <?xml version="1.0" encoding="utf-8"?> <wsdl:definitions
> xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
> xmlns:wsa10="http://www.w3.org/2005/08/addressing"
> xmlns:tns="http://tempuri.org/"
> xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract"
> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
> xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
> xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
> xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> name="SecGtwService" targetNamespace="http://tempuri.org/"
> xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
> <wsp:Policy wsu:Id="CertificateEndPoint_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:ProtectionToken>
> <wsp:Policy>
> <sp:SecureConversationToken
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:RequireDerivedKeys />
> <sp:BootstrapPolicy>
> <wsp:Policy>
> <sp:SignedParts>
> <sp:Body />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <sp:EncryptedParts>
> <sp:Body />
> </sp:EncryptedParts>
> <sp:SymmetricBinding>
> <wsp:Policy>
> <sp:ProtectionToken>
> <wsp:Policy>
> <mssp:SslContextToken
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
> xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:RequireDerivedKeys />
> <mssp:RequireClientCertificate />
> </wsp:Policy>
> </mssp:SslContextToken>
> </wsp:Policy>
> </sp:ProtectionToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic256 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:EncryptSignature />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:SymmetricBinding>
> <sp:Wss11>
> <wsp:Policy />
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> </wsp:Policy>
> </sp:BootstrapPolicy>
> </wsp:Policy>
> </sp:SecureConversationToken>
> </wsp:Policy>
> </sp:ProtectionToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic256 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:EncryptSignature />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:SymmetricBinding>
> <sp:Wss11
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy />
> </sp:Wss11>
> <sp:Trust10
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <wsaw:UsingAddressing />
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsp:Policy wsu:Id="CertificateEndPoint_AuthenticateService_Input_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsp:Policy
> wsu:Id="CertificateEndPoint_AuthenticateService_output_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsp:Policy
> wsu:Id="CertificateEndPoint_ValidadeTokenService_Input_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsp:Policy
> wsu:Id="CertificateEndPoint_ValidadeTokenService_output_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_Input_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_output_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsdl:types>
> <xsd:schema targetNamespace="http://tempuri.org/Imports">
> <xsd:import
> schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd0"
> namespace="http://tempuri.org/" />
> <xsd:import
> schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd1"
> namespace="http://schemas.microsoft.com/2003/10/Serialization/" />
> <xsd:import
> schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd2"
> namespace="http://schemas.datacontract.org/2004/07/Pactual.SecureGateway.Services.Contracts" />
> </xsd:schema>
> </wsdl:types>
> <wsdl:message
> name="ISecGtwServiceContract_AuthenticateService_InputMessage">
> <wsdl:part name="parameters" element="tns:AuthenticateService" />
> </wsdl:message>
> <wsdl:message
> name="ISecGtwServiceContract_AuthenticateService_OutputMessage">
> <wsdl:part name="parameters" element="tns:AuthenticateServiceResponse" />
> </wsdl:message>
> <wsdl:message
> name="ISecGtwServiceContract_ValidadeTokenService_InputMessage">
> <wsdl:part name="parameters" element="tns:ValidadeTokenService" />
> </wsdl:message>
> <wsdl:message
> name="ISecGtwServiceContract_ValidadeTokenService_OutputMessage">
> <wsdl:part name="parameters" element="tns:ValidadeTokenServiceResponse" />
> </wsdl:message>
> <wsdl:message name="ISecGtwServiceContract_WhoIAm_InputMessage">
> <wsdl:part name="parameters" element="tns:WhoIAm" />
> </wsdl:message>
> <wsdl:message name="ISecGtwServiceContract_WhoIAm_OutputMessage">
> <wsdl:part name="parameters" element="tns:WhoIAmResponse" />
> </wsdl:message>
> <wsdl:portType name="ISecGtwServiceContract">
> <wsdl:operation name="AuthenticateService">
> <wsdl:input
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
> message="tns:ISecGtwServiceContract_AuthenticateService_InputMessage" />
> <wsdl:output
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateServiceResponse"
> message="tns:ISecGtwServiceContract_AuthenticateService_OutputMessage" />
> </wsdl:operation>
> <wsdl:operation name="ValidadeTokenService">
> <wsdl:input
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
> message="tns:ISecGtwServiceContract_ValidadeTokenService_InputMessage" />
> <wsdl:output
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenServiceResponse"
> message="tns:ISecGtwServiceContract_ValidadeTokenService_OutputMessage" />
> </wsdl:operation>
> <wsdl:operation name="WhoIAm">
> <wsdl:input
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
> message="tns:ISecGtwServiceContract_WhoIAm_InputMessage" />
> <wsdl:output
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAmResponse"
> message="tns:ISecGtwServiceContract_WhoIAm_OutputMessage" />
> </wsdl:operation>
> </wsdl:portType>
> <wsdl:binding name="CertificateEndPoint"
> type="tns:ISecGtwServiceContract">
> <wsp:PolicyReference URI="#CertificateEndPoint_policy" />
> <soap12:binding transport="http://schemas.xmlsoap.org/soap/http" />
> <wsdl:operation name="AuthenticateService">
> <soap12:operation
> soapAction="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
> style="document" />
> <wsdl:input>
> <wsp:PolicyReference
> URI="#CertificateEndPoint_AuthenticateService_Input_policy" />
> <soap12:body use="literal" />
> </wsdl:input>
> <wsdl:output>
> <wsp:PolicyReference
> URI="#CertificateEndPoint_AuthenticateService_output_policy" />
> <soap12:body use="literal" />
> </wsdl:output>
> </wsdl:operation>
> <wsdl:operation name="ValidadeTokenService">
> <soap12:operation
> soapAction="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
> style="document" />
> <wsdl:input>
> <wsp:PolicyReference
> URI="#CertificateEndPoint_ValidadeTokenService_Input_policy" />
> <soap12:body use="literal" />
> </wsdl:input>
> <wsdl:output>
> <wsp:PolicyReference
> URI="#CertificateEndPoint_ValidadeTokenService_output_policy" />
> <soap12:body use="literal" />
> </wsdl:output>
> </wsdl:operation>
> <wsdl:operation name="WhoIAm">
> <soap12:operation
> soapAction="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
> style="document" />
> <wsdl:input>
> <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_Input_policy" />
> <soap12:body use="literal" />
> </wsdl:input>
> <wsdl:output>
> <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_output_policy" />
> <soap12:body use="literal" />
> </wsdl:output>
> </wsdl:operation>
> </wsdl:binding>
> <wsdl:service name="SecGtwService">
> <wsdl:port name="CertificateEndPoint" binding="tns:CertificateEndPoint">
> <soap12:address
> location="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc" />
> <wsa10:EndpointReference>
>
> <wsa10:Address>http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc</wsa10:Address>
> <Identity
> xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> <X509Data>
>
> <X509Certificate>MIIBxTCCAXOgAwIBAgIQoF4m3EAEm4RCITdLvQ/MxTAJBgUrDgMCH
> QUAMBY
> xFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTEyMDcxODAwMjQzN1oXDTM5MTIzMTIzNTk1O
> VowKDE
> mMCQGA1UEAxMdUGFjdHVhbC5TZWN1cmVHYXRld2F5LlNlcnZpY2UwgZ8wDQYJKoZIhvcNA
> QEBBQA
> DgY0AMIGJAoGBAN7Bng23dMbhRgzQ3KuD1uox0MriWjJON3DL1tQsHqGqjE9ZiTeVnijDE
> Wxre93
> 8+/sELJ+Ru3mdoQae+ICfn3guBEwg80MBqeQlpNmWMssaKVWJAK5ur2YCo3UNoju2d+ZEg
> 8+D0
> 8+73tQ
> 4MLp68a3TfUEKrzrBbXZQbFak8opoyCPhAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0GH
> R1PAI1
> hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DAJB
> gUrDgM
> CHQUAA0EAVL4d3PW6GhtrfEyYBghg5SIzwrsaKUvOsudIEPuOH8xWPbkgyFszcxKJpOj2d
> xawvNv srBo8D62D9xUTMexQHw==</X509Certificate>
> </X509Data>
> </KeyInfo>
> </Identity>
> </wsa10:EndpointReference>
> </wsdl:port>
> </wsdl:service>
> </wsdl:definitions>
>
>
> -----Mensagem original-----
> De: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Enviada: terça-feira, 28 de agosto de 2012 14:45
> Para: users@cxf.apache.org
> Assunto: Re: Using cxf with X509v3 certificates
>
> Yes, CXF supports this configuration. Your WSDL did not make it
> through though so I can't tell what the problem is. Try just copying
> and pasting the security binding directly into an email?
>
> Colm.
>
> On Tue, Aug 28, 2012 at 6:20 PM, Nícolas Fontenele <nf...@cpqi.com> wrote:
>
>> Hi all,
>>
>> I'm developing a client service to consume a .net service with
>> x509v3 certificate using ws-security.
>>
>> The Service uses symmetric binding, with
>> includeToken="prefix/AlwaysToRecipient" and a
>> <sp:ProtectionToken>.
>>
>> I have two certificates, a *.pfx file and *.cer which I have to use
>> to access.
>>
>> My wsdl is attached.
>>
>> My question is: does CXF support this configuration?
>>
>> Best Regards,
>>
>> Nícolas Fontenele
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
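The WSDL quoted above ends with a WS-Addressing <Identity> element that carries the service's X.509 certificate inline. Before that certificate goes into a truststore it is worth seeing what it actually is, and a copy lifted from a mail archive needs an integrity check first, because mail clients re-wrap long base64 lines. What follows is an added example, not code from the thread or from CXF, that does both with the Python standard library only: inspect_certificate rejects a blob whose base64 length is not a multiple of four or whose outer DER SEQUENCE does not span the whole blob, then walks the TBSCertificate far enough to report serial, signature algorithm, issuer, validity, subject and RSA key size. The constant WSDL_IDENTITY_CERT_B64 is the certificate from the WSDL above re-joined from its wrapped lines; the wrapped line in the mail carries two stray characters ("D0" in the cleanest copy of the thread), and dropping them is an assumption made here, which only changes modulus bytes and none of the fields reported. AS_PASTED_IN_MAIL is a constructed copy with those characters put back, to show what the check catches.

```python
import base64
import re

# Constructed from the <X509Certificate> in the WSDL quoted above, re-joined from the
# mail-wrapped lines; the stray "D0" is dropped (an assumption, see the lead-in).
WSDL_IDENTITY_CERT_B64 = (
    "MIIBxTCCAXOgAwIBAgIQoF4m3EAEm4RCITdLvQ/MxTAJBgUrDgMCHQUAMBY"
    "xFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTEyMDcxODAwMjQzN1oXDTM5MTIzMTIzNTk1OVowKDE"
    "mMCQGA1UEAxMdUGFjdHVhbC5TZWN1cmVHYXRld2F5LlNlcnZpY2UwgZ8wDQYJKoZIhvcNAQEBBQA"
    "DgY0AMIGJAoGBAN7Bng23dMbhRgzQ3KuD1uox0MriWjJON3DL1tQsHqGqjE9ZiTeVnijDEWxre93"
    "8+/sELJ+Ru3mdoQae+ICfn3guBEwg80MBqeQlpNmWMssaKVWJAK5ur2YCo3UNoju2d+ZEg8+73tQ"
    "4MLp68a3TfUEKrzrBbXZQbFak8opoyCPhAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0GHR1PAI1"
    "hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DAJBgUrDgM"
    "CHQUAA0EAVL4d3PW6GhtrfEyYBghg5SIzwrsaKUvOsudIEPuOH8xWPbkgyFszcxKJpOj2dxawvNv"
    "srBo8D62D9xUTMexQHw=="
)
# Constructed: the value as it sits in the quoted mail, stray "D0" and line break included.
AS_PASTED_IN_MAIL = WSDL_IDENTITY_CERT_B64[:357] + "D0\n" + WSDL_IDENTITY_CERT_B64[357:]


def _tlv(buf, pos):
    """One DER tag/length at pos -> (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits give the length's width
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length


def _children(buf, start, end):
    """Yield the TLVs packed inside a constructed value."""
    pos = start
    while pos < end:
        tag, vs, ve = _tlv(buf, pos)
        yield tag, vs, ve
        pos = ve


def _oid(raw):
    """Dotted-decimal form of OID contents octets."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def _common_name(buf, start, end):
    """CN (2.5.4.3) of an X.501 Name: SEQUENCE OF SET OF SEQUENCE { OID, value }."""
    for _, rdn_s, rdn_e in _children(buf, start, end):
        for _, atv_s, atv_e in _children(buf, rdn_s, rdn_e):
            (_, o_s, o_e), (_, v_s, v_e) = _children(buf, atv_s, atv_e)
            if _oid(buf[o_s:o_e]) == "2.5.4.3":
                return buf[v_s:v_e].decode("utf-8")
    return None


def inspect_certificate(b64_text):
    """Reject a blob that cannot be one whole DER certificate, else report the
    identity fields a client relies on.  Raises ValueError on a damaged copy."""
    compact = re.sub(r"\s+", "", b64_text)
    if len(compact) % 4:
        raise ValueError("base64 length %d is not a multiple of 4" % len(compact))
    der = base64.b64decode(compact, validate=True)
    tag, c_s, c_e = _tlv(der, 0)
    if tag != 0x30 or c_e != len(der):
        raise ValueError("outer SEQUENCE ends at %d, blob has %d bytes" % (c_e, len(der)))
    tbs, _outer_sig_alg, sig = _children(der, c_s, c_e)
    fields = list(_children(der, tbs[1], tbs[2]))
    version = 1
    if fields[0][0] == 0xA0:                # [0] EXPLICIT version, present for v2/v3
        version = der[_tlv(der, fields[0][1])[1]] + 1
        fields = fields[1:]
    serial, sig_alg, issuer, validity, subject, spki = fields[:6]
    (_, oid_s, oid_e), *_ = _children(der, sig_alg[1], sig_alg[2])
    (_, nb_s, nb_e), (_, na_s, na_e) = _children(der, validity[1], validity[2])
    key_alg, key_bitstr = _children(der, spki[1], spki[2])
    (_, ka_s, ka_e), *_ = _children(der, key_alg[1], key_alg[2])
    key_bits = None
    if _oid(der[ka_s:ka_e]) == "1.2.840.113549.1.1.1":   # rsaEncryption
        # BIT STRING = unused-bits octet, then RSAPublicKey ::= SEQUENCE { n, e }
        _, rsa_s, _ = _tlv(der, key_bitstr[1] + 1)
        _, n_s, n_e = _tlv(der, rsa_s)
        modulus = der[n_s:n_e].lstrip(b"\x00")
        key_bits = modulus[0].bit_length() + 8 * (len(modulus) - 1)
    return {
        "version": version,
        "serial_hex": der[serial[1]:serial[2]].hex(),
        "signature_oid": _oid(der[oid_s:oid_e]),
        "issuer_cn": _common_name(der, issuer[1], issuer[2]),
        "not_before": der[nb_s:nb_e].decode("ascii"),
        "not_after": der[na_s:na_e].decode("ascii"),
        "subject_cn": _common_name(der, subject[1], subject[2]),
        "key_bits": key_bits,
        "issuer_key_bits": 8 * (sig[2] - sig[1] - 1),   # RSA signature = issuer modulus length
    }


if __name__ == "__main__":
    for key, value in inspect_certificate(WSDL_IDENTITY_CERT_B64).items():
        print("%-16s %s" % (key, value))
```

With the copy exactly as it sits in the mail, inspect_certificate stops at the first check (614 characters); with the re-joined value it reports issuer CN "Root Agency", subject CN "Pactual.SecureGateway.Service", validity 120718002437Z to 391231235959Z, a 1024-bit RSA key and a 512-bit issuer signature under sha1WithRSA (1.3.14.3.2.29). "Root Agency" is the test root that Microsoft's makecert.exe issues from by default, and the 512-bit issuer key is consistent with that, so what the client trusts for encryption should be the service certificate imported from the .cer itself, not that issuer.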
Re: Using cxf with X509v3 certificates
Posted by Glen Mazza <gm...@talend.com>.
From your earlier email you're using WS-SecurityPolicy in your WSDL, so
you shouldn't be using the WSS4J Out/In interceptors--that's strictly
for non-WS-SecPol use.
Glen
On 08/28/2012 03:28 PM, Nícolas Fontenele wrote:
> I'm also adding my code here.
> Thanks!!
>
> import java.net.MalformedURLException;
> import java.util.HashMap;
> import java.util.Map;
>
> import javax.xml.ws.BindingProvider;
>
> import org.apache.cxf.frontend.ClientProxy;
> import org.apache.cxf.ws.security.tokenstore.SecurityToken;
> import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
> import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
> import org.apache.ws.security.handler.WSHandlerConstants;
>
> public class Client {
>
>     private static final String WSU_NS =
>         "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
>
>     public static void main(String args[]) {
>
>         try {
>             // 02c6b75f-5fc8-4c05-a79f-78fa1ded10e1
>             WSS4JOutInterceptor wssOut = createOutProperties();
>             WSS4JInInterceptor wssIn = createInProperties();
>
>             SecGtwService service = new SecGtwService(new java.net.URL(
>                 "http://nrio083fcom.develop.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?wsdl"));
>             ISecGtwServiceContract port = service.getCertificateEndPoint();
>
>             // WSS4J interceptors added by hand to the generated proxy
>             org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
>             client.getInInterceptors().add(wssIn);
>             client.getOutInterceptors().add(wssOut);
>
>             // empty token under the "ws-security.token" request-context key
>             Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
>             ctx.put("ws-security.token", new SecurityToken());
>             System.out.println(port.whoIAm());
>
>         } catch (MalformedURLException e) {
>             // TODO Auto-generated catch block
>             e.printStackTrace();
>         }
>     }
>
>     private static WSS4JInInterceptor createInProperties() {
>         Map<String, Object> inProps = new HashMap<String, Object>();
>         inProps.put(WSHandlerConstants.ACTION, "UsernameToken Timestamp Signature Encrypt");
>         inProps.put("passwordType", "PasswordText");
>         inProps.put("passwordCallbackClass", ClientPasswordCallback.class.getName());
>         inProps.put("decryptionPropFile", "etc/client_enc.properties");
>         inProps.put("encryptionKeyIdentifier", "IssuerSerial");
>
>         inProps.put("signaturePropFile", "etc/client_sign.properties");
>         inProps.put("signatureKeyIdentifier", "DirectReference");
>
>         return new WSS4JInInterceptor(inProps);
>     }
>
>     private static WSS4JOutInterceptor createOutProperties() {
>         Map<String, Object> outProps = new HashMap<String, Object>();
>         outProps.put(WSHandlerConstants.ACTION, "UsernameToken Timestamp Signature Encrypt");
>         outProps.put("passwordType", "PasswordDigest");
>
>         outProps.put(WSHandlerConstants.USER, "02c6b75f-5fc8-4c05-a79f-78fa1ded10e1");
>         outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordCallback.class.getName());
>
>         outProps.put("encryptionUser", "pub");
>         outProps.put(WSHandlerConstants.ENC_PROP_FILE, "etc/client_enc.properties");
>
>         outProps.put("encryptionKeyIdentifier", "IssuerSerial");
>         outProps.put("encryptionParts", "{Element}{" + WSU_NS + "}Timestamp;"
>             + "{Content}{http://www.w3.org/2003/05/soap-envelope}Body");
>
>         outProps.put(WSHandlerConstants.SIG_PROP_FILE, "etc/client_sign.properties");
>
>         outProps.put("signatureKeyIdentifier", "DirectReference");
>         outProps.put("signatureParts", "{Element}{" + WSU_NS + "}Timestamp;"
>             + "{Element}{http://www.w3.org/2003/05/soap-envelope}Body");
>
>         return new WSS4JOutInterceptor(outProps);
>     }
> }
>
> -----Mensagem original-----
> De: Nícolas Fontenele [mailto:nfrota@cpqi.com]
> Enviada: terça-feira, 28 de agosto de 2012 15:11
> Para: users@cxf.apache.org; coheigea@apache.org
> Assunto: RE: Using cxf with X509v3 certificates
>
> Thanks for the answer, I'll paste wsdl here.
> What I have been trying is use wss4j interceptors as I can see in some
> examples.
> I imported both certificates on my keystore and I can see debugging that the
> password handler get the keys from that.
> My problem right now is that CXF is expecting an initial token ( of a class
> SecurityToken ) on the request context property ''ws-security.token''. I saw
> it debugging.
> Is correct to use this property?
> I saw in ws security samples that only set properties on the interceptors
> and not in the requestcontext of the client.
> And if this behavior is correct, How can I create this token? Should I use
> another property?
>
> Wsdl is below, any idea?
> Thanks!
>
> <?xml version="1.0" encoding="utf-8"?>
> <wsdl:definitions
> xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
> xmlns:wsa10="http://www.w3.org/2005/08/addressing"
> xmlns:tns="http://tempuri.org/"
> xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract"
> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
> xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
> xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
> xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
> xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
> y-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> name="SecGtwService" targetNamespace="http://tempuri.org/"
> xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
> <wsp:Policy wsu:Id="CertificateEndPoint_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SymmetricBinding
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:ProtectionToken>
> <wsp:Policy>
> <sp:SecureConversationToken
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/Includ
> eToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:RequireDerivedKeys />
> <sp:BootstrapPolicy>
> <wsp:Policy>
> <sp:SignedParts>
> <sp:Body />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <sp:EncryptedParts>
> <sp:Body />
> </sp:EncryptedParts>
> <sp:SymmetricBinding>
> <wsp:Policy>
> <sp:ProtectionToken>
> <wsp:Policy>
> <mssp:SslContextToken
> sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/Includ
> eToken/AlwaysToRecipient"
> xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:RequireDerivedKeys />
> <mssp:RequireClientCertificate />
> </wsp:Policy>
> </mssp:SslContextToken>
> </wsp:Policy>
> </sp:ProtectionToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic256 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:EncryptSignature />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:SymmetricBinding>
> <sp:Wss11>
> <wsp:Policy />
> </sp:Wss11>
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> </wsp:Policy>
> </sp:BootstrapPolicy>
> </wsp:Policy>
> </sp:SecureConversationToken>
> </wsp:Policy>
> </sp:ProtectionToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic256 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:EncryptSignature />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:SymmetricBinding>
> <sp:Wss11
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy />
> </sp:Wss11>
> <sp:Trust10
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:MustSupportIssuedTokens />
> <sp:RequireClientEntropy />
> <sp:RequireServerEntropy />
> </wsp:Policy>
> </sp:Trust10>
> <wsaw:UsingAddressing />
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsp:Policy wsu:Id="CertificateEndPoint_AuthenticateService_Input_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsp:Policy
> wsu:Id="CertificateEndPoint_AuthenticateService_output_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsp:Policy
> wsu:Id="CertificateEndPoint_ValidadeTokenService_Input_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsp:Policy
> wsu:Id="CertificateEndPoint_ValidadeTokenService_output_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_Input_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_output_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:SignedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> <sp:Header Name="To"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="From"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="FaultTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="ReplyTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="MessageID"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="RelatesTo"
> Namespace="http://www.w3.org/2005/08/addressing" />
> <sp:Header Name="Action"
> Namespace="http://www.w3.org/2005/08/addressing" />
> </sp:SignedParts>
> <sp:EncryptedParts
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <sp:Body />
> </sp:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <wsdl:types>
> <xsd:schema targetNamespace="http://tempuri.org/Imports">
> <xsd:import
> schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/Calyps
> oGatewayCert/SecGtwServiceHost.svc?xsd=xsd0" namespace="http://tempuri.org/"
> />
> <xsd:import
> schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/Calyps
> oGatewayCert/SecGtwServiceHost.svc?xsd=xsd1"
> namespace="http://schemas.microsoft.com/2003/10/Serialization/" />
> <xsd:import
> schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/Calyps
> oGatewayCert/SecGtwServiceHost.svc?xsd=xsd2"
> namespace="http://schemas.datacontract.org/2004/07/Pactual.SecureGateway.Ser
> vices.Contracts" />
> </xsd:schema>
> </wsdl:types>
> <wsdl:message
> name="ISecGtwServiceContract_AuthenticateService_InputMessage">
> <wsdl:part name="parameters" element="tns:AuthenticateService" />
> </wsdl:message>
> <wsdl:message
> name="ISecGtwServiceContract_AuthenticateService_OutputMessage">
> <wsdl:part name="parameters" element="tns:AuthenticateServiceResponse"
> />
> </wsdl:message>
> <wsdl:message
> name="ISecGtwServiceContract_ValidadeTokenService_InputMessage">
> <wsdl:part name="parameters" element="tns:ValidadeTokenService" />
> </wsdl:message>
> <wsdl:message
> name="ISecGtwServiceContract_ValidadeTokenService_OutputMessage">
> <wsdl:part name="parameters" element="tns:ValidadeTokenServiceResponse"
> />
> </wsdl:message>
> <wsdl:message name="ISecGtwServiceContract_WhoIAm_InputMessage">
> <wsdl:part name="parameters" element="tns:WhoIAm" />
> </wsdl:message>
> <wsdl:message name="ISecGtwServiceContract_WhoIAm_OutputMessage">
> <wsdl:part name="parameters" element="tns:WhoIAmResponse" />
> </wsdl:message>
> <wsdl:portType name="ISecGtwServiceContract">
> <wsdl:operation name="AuthenticateService">
> <wsdl:input
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
> message="tns:ISecGtwServiceContract_AuthenticateService_InputMessage" />
> <wsdl:output
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateServiceRe
> sponse"
> message="tns:ISecGtwServiceContract_AuthenticateService_OutputMessage" />
> </wsdl:operation>
> <wsdl:operation name="ValidadeTokenService">
> <wsdl:input
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
> message="tns:ISecGtwServiceContract_ValidadeTokenService_InputMessage" />
> <wsdl:output
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenServiceR
> esponse"
> message="tns:ISecGtwServiceContract_ValidadeTokenService_OutputMessage" />
> </wsdl:operation>
> <wsdl:operation name="WhoIAm">
> <wsdl:input
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
> message="tns:ISecGtwServiceContract_WhoIAm_InputMessage" />
> <wsdl:output
> wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAmResponse"
> message="tns:ISecGtwServiceContract_WhoIAm_OutputMessage" />
> </wsdl:operation>
> </wsdl:portType>
> <wsdl:binding name="CertificateEndPoint"
> type="tns:ISecGtwServiceContract">
> <wsp:PolicyReference URI="#CertificateEndPoint_policy" />
> <soap12:binding transport="http://schemas.xmlsoap.org/soap/http" />
> <wsdl:operation name="AuthenticateService">
> <soap12:operation
> soapAction="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
> style="document" />
> <wsdl:input>
> <wsp:PolicyReference
> URI="#CertificateEndPoint_AuthenticateService_Input_policy" />
> <soap12:body use="literal" />
> </wsdl:input>
> <wsdl:output>
> <wsp:PolicyReference
> URI="#CertificateEndPoint_AuthenticateService_output_policy" />
> <soap12:body use="literal" />
> </wsdl:output>
> </wsdl:operation>
> <wsdl:operation name="ValidadeTokenService">
> <soap12:operation
> soapAction="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
> style="document" />
> <wsdl:input>
> <wsp:PolicyReference
> URI="#CertificateEndPoint_ValidadeTokenService_Input_policy" />
> <soap12:body use="literal" />
> </wsdl:input>
> <wsdl:output>
> <wsp:PolicyReference
> URI="#CertificateEndPoint_ValidadeTokenService_output_policy" />
> <soap12:body use="literal" />
> </wsdl:output>
> </wsdl:operation>
> <wsdl:operation name="WhoIAm">
> <soap12:operation
> soapAction="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
> style="document" />
> <wsdl:input>
> <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_Input_policy"
> />
> <soap12:body use="literal" />
> </wsdl:input>
> <wsdl:output>
> <wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_output_policy"
> />
> <soap12:body use="literal" />
> </wsdl:output>
> </wsdl:operation>
> </wsdl:binding>
> <wsdl:service name="SecGtwService">
> <wsdl:port name="CertificateEndPoint" binding="tns:CertificateEndPoint">
> <soap12:address
> location="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatew
> ayCert/SecGtwServiceHost.svc" />
> <wsa10:EndpointReference>
>
> <wsa10:Address>http://nrio0230dco.pactual.net/services/SecureGateway/Calypso
> GatewayCert/SecGtwServiceHost.svc</wsa10:Address>
> <Identity
> xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> <X509Data>
>
> <X509Certificate>MIIBxTCCAXOgAwIBAgIQoF4m3EAEm4RCITdLvQ/MxTAJBgUrDgMCHQUAMBY
> xFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTEyMDcxODAwMjQzN1oXDTM5MTIzMTIzNTk1OVowKDE
> mMCQGA1UEAxMdUGFjdHVhbC5TZWN1cmVHYXRld2F5LlNlcnZpY2UwgZ8wDQYJKoZIhvcNAQEBBQA
> DgY0AMIGJAoGBAN7Bng23dMbhRgzQ3KuD1uox0MriWjJON3DL1tQsHqGqjE9ZiTeVnijDEWxre93
> 8+/sELJ+Ru3mdoQae+ICfn3guBEwg80MBqeQlpNmWMssaKVWJAK5ur2YCo3UNoju2d+ZEgD0
> 8+73tQ
> 4MLp68a3TfUEKrzrBbXZQbFak8opoyCPhAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0GHR1PAI1
> hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DAJBgUrDgM
> CHQUAA0EAVL4d3PW6GhtrfEyYBghg5SIzwrsaKUvOsudIEPuOH8xWPbkgyFszcxKJpOj2dxawvNv
> srBo8D62D9xUTMexQHw==</X509Certificate>
> </X509Data>
> </KeyInfo>
> </Identity>
> </wsa10:EndpointReference>
> </wsdl:port>
> </wsdl:service>
> </wsdl:definitions>
>
>
> -----Mensagem original-----
> De: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Enviada: terça-feira, 28 de agosto de 2012 14:45
> Para: users@cxf.apache.org
> Assunto: Re: Using cxf with X509v3 certificates
>
> Yes, CXF supports this configuration. Your WSDL did not make it through
> though so I can't tell what the problem is. Try just copying and pasting the
> security binding directly into an email?
>
> Colm.
>
> On Tue, Aug 28, 2012 at 6:20 PM, Nícolas Fontenele <nf...@cpqi.com> wrote:
>
>> Hi all,
>>
>> I'm developing a client service to consume a .net service with x509v3
>> certificate using ws-security.
>>
>> The Service uses symmetric binding, with
>> includeToken="prefix/AlwaysToRecipient" and a
>> <sp:ProtectionToken>.
>>
>> I have two certificates, a *.pfx file and *.cer which I have to use to
>> access.
>>
>> My wsdl is attached.
>>
>> My question is: does CXF support this configuration?
>>
>> Best Regards,
>>
>> Nícolas Fontenele
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
RE: Using cxf with X509v3 certificates
Posted by Nícolas Fontenele <nf...@cpqi.com>.
I'm also adding my code here.
Thanks!!
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;

import javax.xml.ws.BindingProvider;

import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.ws.security.handler.WSHandlerConstants;

// SecGtwService and ISecGtwServiceContract are the classes generated from the
// WSDL below; ClientPasswordCallback is the CallbackHandler that supplies the
// keystore and private-key passwords.
public class Client {
    private static final String WSU_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    public static void main(String args[]) {
        try {
            // 02c6b75f-5fc8-4c05-a79f-78fa1ded10e1
            WSS4JOutInterceptor wssOut = createOutProperties();
            WSS4JInInterceptor wssIn = createInProperties();
            SecGtwService service = new SecGtwService(new URL(
                "http://nrio083fcom.develop.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?wsdl"));
            ISecGtwServiceContract port = service.getCertificateEndPoint();
            org.apache.cxf.endpoint.Client client = ClientProxy.getClient(port);
            client.getInInterceptors().add(wssIn);
            client.getOutInterceptors().add(wssOut);
            Map<String, Object> ctx = ((BindingProvider) port).getRequestContext();
            // Empty token placed here to get past the "No signature token" error
            // (see the earlier message in this thread).
            ctx.put("ws-security.token", new SecurityToken());
            System.out.println(port.whoIAm());
        } catch (MalformedURLException e) {
            e.printStackTrace();
        }
    }

    // Inbound: verify the Timestamp and Signature, decrypt the Body.
    private static WSS4JInInterceptor createInProperties() {
        Map<String, Object> inProps = new HashMap<String, Object>();
        inProps.put(WSHandlerConstants.ACTION,
            "UsernameToken Timestamp Signature Encrypt");
        inProps.put("passwordType", "PasswordText");
        inProps.put("passwordCallbackClass", ClientPasswordCallback.class.getName());
        inProps.put("decryptionPropFile", "etc/client_enc.properties");
        inProps.put("encryptionKeyIdentifier", "IssuerSerial");
        inProps.put("signaturePropFile", "etc/client_sign.properties");
        inProps.put("signatureKeyIdentifier", "DirectReference");
        return new WSS4JInInterceptor(inProps);
    }

    // Outbound: add UsernameToken and Timestamp, sign Timestamp and Body,
    // encrypt the Timestamp element and the Body content.
    private static WSS4JOutInterceptor createOutProperties() {
        Map<String, Object> outProps = new HashMap<String, Object>();
        outProps.put(WSHandlerConstants.ACTION,
            "UsernameToken Timestamp Signature Encrypt");
        outProps.put("passwordType", "PasswordDigest");
        outProps.put(WSHandlerConstants.USER, "02c6b75f-5fc8-4c05-a79f-78fa1ded10e1");
        outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, ClientPasswordCallback.class.getName());
        outProps.put("encryptionUser", "pub");
        outProps.put(WSHandlerConstants.ENC_PROP_FILE, "etc/client_enc.properties");
        outProps.put("encryptionKeyIdentifier", "IssuerSerial");
        outProps.put("encryptionParts", "{Element}{" + WSU_NS + "}Timestamp;"
            + "{Content}{http://www.w3.org/2003/05/soap-envelope}Body");
        outProps.put(WSHandlerConstants.SIG_PROP_FILE, "etc/client_sign.properties");
        outProps.put("signatureKeyIdentifier", "DirectReference");
        outProps.put("signatureParts", "{Element}{" + WSU_NS + "}Timestamp;"
            + "{Element}{http://www.w3.org/2003/05/soap-envelope}Body");
        return new WSS4JOutInterceptor(outProps);
    }
}
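As an added example (not the poster's code or CXF project code), the other route Glen pointed to earlier in the thread: no WSS4J interceptors at all, the binding's WS-SecurityPolicy left to drive message security, the .pfx presented as the TLS client certificate that the SslContextToken/RequireClientCertificate bootstrap asks for, and the .cer trusted as the service certificate. It assumes the endpoint is reached over https (the pasted WSDL lists an http address), that the generated SecGtwService/ISecGtwServiceContract classes and ClientPasswordCallback exist as in the code above, hypothetical file names etc/client.pfx and etc/truststore.jks, a hypothetical keystore alias "client", and passwords read from environment variables.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.ws.BindingProvider;

import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.ws.security.SecurityConstants;

public class PolicyDrivenClient {

    // Hypothetical file names: the .pfx is a PKCS12 store with the client
    // certificate and private key; truststore.jks holds the imported .cer.
    private static final String CLIENT_PFX = "etc/client.pfx";
    private static final String TRUST_STORE = "etc/truststore.jks";

    static KeyStore loadKeyStore(String path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, password);
        } finally {
            in.close();
        }
        return ks;
    }

    // TLS: present the .pfx certificate to the service, trust only the .cer.
    static TLSClientParameters tlsParameters(char[] pfxPassword, char[] trustPassword) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadKeyStore(CLIENT_PFX, "PKCS12", pfxPassword), pfxPassword);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadKeyStore(TRUST_STORE, "JKS", trustPassword));

        TLSClientParameters tls = new TLSClientParameters();
        tls.setKeyManagers(kmf.getKeyManagers());
        tls.setTrustManagers(tmf.getTrustManagers());
        tls.setDisableCNCheck(false); // keep host name verification on
        return tls;
    }

    public static void main(String[] args) throws Exception {
        char[] pfxPassword = System.getenv("CLIENT_PFX_PASSWORD").toCharArray();
        char[] trustPassword = System.getenv("TRUST_STORE_PASSWORD").toCharArray();

        // Generated service class; CXF reads the policy attached to the binding
        // in this WSDL and installs the matching WS-SecurityPolicy interceptors.
        SecGtwService service = new SecGtwService(new java.net.URL(args[0]));
        ISecGtwServiceContract port = service.getCertificateEndPoint();
        Client client = ClientProxy.getClient(port);

        // No WSS4J interceptors are added; transport security comes from the
        // conduit's TLS parameters.
        HTTPConduit conduit = (HTTPConduit) client.getConduit();
        conduit.setTlsClientParameters(tlsParameters(pfxPassword, trustPassword));

        // Crypto configuration for the policy-driven path goes on the request
        // context as ws-security.* properties, not as WSS4J actions.
        BindingProvider bp = (BindingProvider) port;
        bp.getRequestContext().put(SecurityConstants.CALLBACK_HANDLER, ClientPasswordCallback.class.getName());
        bp.getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES, "etc/client_sign.properties");
        bp.getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES, "etc/client_enc.properties");
        bp.getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME, "client"); // assumed alias
        bp.getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME, "pub");

        System.out.println(port.whoIAm());
    }
}
```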
RE: Using cxf with X509v3 certificates
Posted by Nícolas Fontenele <nf...@cpqi.com>.
Thanks for the answer, I'll paste the WSDL here.
What I have been trying is to use the WSS4J interceptors, as I can see in some
examples.
I imported both certificates into my keystore and I can see while debugging that the
password handler gets the keys from it.
My problem right now is that CXF is expecting an initial token (of class
SecurityToken) in the request context property ws-security.token. I saw
it while debugging.
Is it correct to use this property?
I saw in the WS-Security samples that they only set properties on the interceptors
and not in the request context of the client.
And if this behavior is correct, how can I create this token? Should I use
another property?
The WSDL is below, any idea?
Thanks!
<?xml version="1.0" encoding="utf-8"?>
<wsdl:definitions
xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
xmlns:wsa10="http://www.w3.org/2005/08/addressing"
xmlns:tns="http://tempuri.org/"
xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
name="SecGtwService" targetNamespace="http://tempuri.org/"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
<wsp:Policy wsu:Id="CertificateEndPoint_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<sp:SecureConversationToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:RequireDerivedKeys />
<sp:BootstrapPolicy>
<wsp:Policy>
<sp:SignedParts>
<sp:Body />
<sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing" />
</sp:SignedParts>
<sp:EncryptedParts>
<sp:Body />
</sp:EncryptedParts>
<sp:SymmetricBinding>
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<mssp:SslContextToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"
xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:RequireDerivedKeys />
<mssp:RequireClientCertificate />
</wsp:Policy>
</mssp:SslContextToken>
</wsp:Policy>
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict />
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp />
<sp:EncryptSignature />
<sp:OnlySignEntireHeadersAndBody />
</wsp:Policy>
</sp:SymmetricBinding>
<sp:Wss11>
<wsp:Policy />
</sp:Wss11>
<sp:Trust10>
<wsp:Policy>
<sp:MustSupportIssuedTokens />
<sp:RequireClientEntropy />
<sp:RequireServerEntropy />
</wsp:Policy>
</sp:Trust10>
</wsp:Policy>
</sp:BootstrapPolicy>
</wsp:Policy>
</sp:SecureConversationToken>
</wsp:Policy>
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict />
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp />
<sp:EncryptSignature />
<sp:OnlySignEntireHeadersAndBody />
</wsp:Policy>
</sp:SymmetricBinding>
<sp:Wss11
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy />
</sp:Wss11>
<sp:Trust10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportIssuedTokens />
<sp:RequireClientEntropy />
<sp:RequireServerEntropy />
</wsp:Policy>
</sp:Trust10>
<wsaw:UsingAddressing />
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="CertificateEndPoint_AuthenticateService_Input_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
<sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing" />
</sp:SignedParts>
<sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
</sp:EncryptedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy
wsu:Id="CertificateEndPoint_AuthenticateService_output_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
<sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing" />
</sp:SignedParts>
<sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
</sp:EncryptedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy
wsu:Id="CertificateEndPoint_ValidadeTokenService_Input_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
<sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing" />
</sp:SignedParts>
<sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
</sp:EncryptedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy
wsu:Id="CertificateEndPoint_ValidadeTokenService_output_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
<sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing" />
</sp:SignedParts>
<sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
</sp:EncryptedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_Input_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
<sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing" />
</sp:SignedParts>
<sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
</sp:EncryptedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="CertificateEndPoint_WhoIAm_output_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
<sp:Header Name="To"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="From"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="FaultTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="ReplyTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="MessageID"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="RelatesTo"
Namespace="http://www.w3.org/2005/08/addressing" />
<sp:Header Name="Action"
Namespace="http://www.w3.org/2005/08/addressing" />
</sp:SignedParts>
<sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
</sp:EncryptedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsdl:types>
<xsd:schema targetNamespace="http://tempuri.org/Imports">
<xsd:import
schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd0" namespace="http://tempuri.org/" />
<xsd:import
schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd1"
namespace="http://schemas.microsoft.com/2003/10/Serialization/" />
<xsd:import
schemaLocation="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc?xsd=xsd2"
namespace="http://schemas.datacontract.org/2004/07/Pactual.SecureGateway.Services.Contracts" />
</xsd:schema>
</wsdl:types>
<wsdl:message
name="ISecGtwServiceContract_AuthenticateService_InputMessage">
<wsdl:part name="parameters" element="tns:AuthenticateService" />
</wsdl:message>
<wsdl:message
name="ISecGtwServiceContract_AuthenticateService_OutputMessage">
<wsdl:part name="parameters" element="tns:AuthenticateServiceResponse"
/>
</wsdl:message>
<wsdl:message
name="ISecGtwServiceContract_ValidadeTokenService_InputMessage">
<wsdl:part name="parameters" element="tns:ValidadeTokenService" />
</wsdl:message>
<wsdl:message
name="ISecGtwServiceContract_ValidadeTokenService_OutputMessage">
<wsdl:part name="parameters" element="tns:ValidadeTokenServiceResponse"
/>
</wsdl:message>
<wsdl:message name="ISecGtwServiceContract_WhoIAm_InputMessage">
<wsdl:part name="parameters" element="tns:WhoIAm" />
</wsdl:message>
<wsdl:message name="ISecGtwServiceContract_WhoIAm_OutputMessage">
<wsdl:part name="parameters" element="tns:WhoIAmResponse" />
</wsdl:message>
<wsdl:portType name="ISecGtwServiceContract">
<wsdl:operation name="AuthenticateService">
<wsdl:input
wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
message="tns:ISecGtwServiceContract_AuthenticateService_InputMessage" />
<wsdl:output wsaw:Action="http://tempuri.org/ISecGtwServiceContract/AuthenticateServiceResponse" message="tns:ISecGtwServiceContract_AuthenticateService_OutputMessage" />
</wsdl:operation>
<wsdl:operation name="ValidadeTokenService">
<wsdl:input
wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
message="tns:ISecGtwServiceContract_ValidadeTokenService_InputMessage" />
<wsdl:output wsaw:Action="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenServiceResponse" message="tns:ISecGtwServiceContract_ValidadeTokenService_OutputMessage" />
</wsdl:operation>
<wsdl:operation name="WhoIAm">
<wsdl:input
wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
message="tns:ISecGtwServiceContract_WhoIAm_InputMessage" />
<wsdl:output
wsaw:Action="http://tempuri.org/ISecGtwServiceContract/WhoIAmResponse"
message="tns:ISecGtwServiceContract_WhoIAm_OutputMessage" />
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="CertificateEndPoint"
type="tns:ISecGtwServiceContract">
<wsp:PolicyReference URI="#CertificateEndPoint_policy" />
<soap12:binding transport="http://schemas.xmlsoap.org/soap/http" />
<wsdl:operation name="AuthenticateService">
<soap12:operation
soapAction="http://tempuri.org/ISecGtwServiceContract/AuthenticateService"
style="document" />
<wsdl:input>
<wsp:PolicyReference
URI="#CertificateEndPoint_AuthenticateService_Input_policy" />
<soap12:body use="literal" />
</wsdl:input>
<wsdl:output>
<wsp:PolicyReference
URI="#CertificateEndPoint_AuthenticateService_output_policy" />
<soap12:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="ValidadeTokenService">
<soap12:operation
soapAction="http://tempuri.org/ISecGtwServiceContract/ValidadeTokenService"
style="document" />
<wsdl:input>
<wsp:PolicyReference
URI="#CertificateEndPoint_ValidadeTokenService_Input_policy" />
<soap12:body use="literal" />
</wsdl:input>
<wsdl:output>
<wsp:PolicyReference
URI="#CertificateEndPoint_ValidadeTokenService_output_policy" />
<soap12:body use="literal" />
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="WhoIAm">
<soap12:operation
soapAction="http://tempuri.org/ISecGtwServiceContract/WhoIAm"
style="document" />
<wsdl:input>
<wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_Input_policy"
/>
<soap12:body use="literal" />
</wsdl:input>
<wsdl:output>
<wsp:PolicyReference URI="#CertificateEndPoint_WhoIAm_output_policy"
/>
<soap12:body use="literal" />
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="SecGtwService">
<wsdl:port name="CertificateEndPoint" binding="tns:CertificateEndPoint">
<soap12:address location="http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc" />
<wsa10:EndpointReference>
<wsa10:Address>http://nrio0230dco.pactual.net/services/SecureGateway/CalypsoGatewayCert/SecGtwServiceHost.svc</wsa10:Address>
<Identity
xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>MIIBxTCCAXOgAwIBAgIQoF4m3EAEm4RCITdLvQ/MxTAJBgUrDgMCHQUAMBY
xFDASBgNVBAMTC1Jvb3QgQWdlbmN5MB4XDTEyMDcxODAwMjQzN1oXDTM5MTIzMTIzNTk1OVowKDE
mMCQGA1UEAxMdUGFjdHVhbC5TZWN1cmVHYXRld2F5LlNlcnZpY2UwgZ8wDQYJKoZIhvcNAQEBBQA
DgY0AMIGJAoGBAN7Bng23dMbhRgzQ3KuD1uox0MriWjJON3DL1tQsHqGqjE9ZiTeVnijDEWxre93
8+/sELJ+Ru3mdoQae+ICfn3guBEwg80MBqeQlpNmWMssaKVWJAK5ur2YCo3UNoju2d+ZEgD073tQ
4MLp68a3TfUEKrzrBbXZQbFak8opoyCPhAgMBAAGjSzBJMEcGA1UdAQRAMD6AEBLkCS0GHR1PAI1
hIdwWZGOhGDAWMRQwEgYDVQQDEwtSb290IEFnZW5jeYIQBjdsAKoAZIoRz7jUqlw19DAJBgUrDgM
CHQUAA0EAVL4d3PW6GhtrfEyYBghg5SIzwrsaKUvOsudIEPuOH8xWPbkgyFszcxKJpOj2dxawvNv
srBo8D62D9xUTMexQHw==</X509Certificate>
</X509Data>
</KeyInfo>
</Identity>
</wsa10:EndpointReference>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
-----Original Message-----
From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
Sent: Tuesday, 28 August 2012 14:45
To: users@cxf.apache.org
Subject: Re: Using cxf with X509v3 certificates
Yes, CXF supports this configuration. Your WSDL did not make it through
though so I can't tell what the problem is. Try just copying and pasting the
security binding directly into an email?
Colm.
On Tue, Aug 28, 2012 at 6:20 PM, Nícolas Fontenele <nf...@cpqi.com> wrote:
> Hi all,
>
> I'm developing a client service to consume a .net service with x509v3
> certificate using ws-security.
>
> The Service uses symmetric binding, with
> includeToken=prefix/AlwaysToRecipient and a
> <sp:ProtectionToken>.
>
> I have two certificates, a *.pfx file and *.cer which I have to use to
> access.
>
> My wsdl is attached.
>
> My question is: does CXF support this configuration?
>
> Best Regards,
>
> Nícolas Fontenele
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: Using cxf with X509v3 certificates
Posted by Colm O hEigeartaigh <co...@apache.org>.
Yes, CXF supports this configuration. Your WSDL did not make it through
though so I can't tell what the problem is. Try just copying and pasting
the security binding directly into an email?
Colm.
On Tue, Aug 28, 2012 at 6:20 PM, Nícolas Fontenele <nf...@cpqi.com> wrote:
> Hi all,
>
> I'm developing a client service to consume a .net service with x509v3
> certificate using ws-security.
>
> The Service uses symmetric binding, with
> includeToken="prefix/AlwaysToRecipient" and a <sp:ProtectionToken>.
>
> I have two certificates, a *.pfx file and *.cer which I have to use to
> access.
>
> My wsdl is attached.
>
> My question is: does CXF support this configuration?
>
> Best Regards,
>
> Nícolas Fontenele
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
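As an added illustration (not code from this thread, from CXF or from the service owner) of the WS-SecurityPolicy-style client setup the replies point to: for a symmetric binding whose ProtectionToken is the service's X.509 certificate, the client encrypts the generated symmetric key to the service certificate (the X509Certificate embedded in the WSDL's Identity element, i.e. the .cer) and uses its own .pfx only if the policy also asks for a client certificate token. File names, aliases, passwords and the CXF 2.x / WSS4J 1.6 package and property names are assumptions.

```java
import java.util.Map;
import java.util.Properties;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.ws.BindingProvider;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.ws.security.WSPasswordCallback;

// Hypothetical client-side configuration for the SecGtwService CertificateEndPoint.
public class SecGtwClientConfig {

    // WSS4J Merlin crypto properties (WSS4J 1.6 key names, assumed):
    // keystore = the client .pfx (PKCS#12), truststore = a JKS into which
    // the service .cer was imported (e.g. with keytool -importcert).
    static Properties merlinProperties() {
        Properties p = new Properties();
        p.put("org.apache.ws.security.crypto.provider",
              "org.apache.ws.security.components.crypto.Merlin");
        p.put("org.apache.ws.security.crypto.merlin.keystore.type", "pkcs12");
        p.put("org.apache.ws.security.crypto.merlin.keystore.file", "client.pfx");          // placeholder
        p.put("org.apache.ws.security.crypto.merlin.keystore.password", "PFX_PASSWORD");   // placeholder
        p.put("org.apache.ws.security.crypto.merlin.keystore.alias", "client");            // placeholder
        p.put("org.apache.ws.security.crypto.merlin.truststore.type", "jks");
        p.put("org.apache.ws.security.crypto.merlin.truststore.file", "service-trust.jks"); // placeholder
        p.put("org.apache.ws.security.crypto.merlin.truststore.password", "TRUST_PASSWORD"); // placeholder
        return p;
    }

    // Supplies the private-key password of the .pfx alias when WSS4J asks for it.
    static final class PfxPasswordCallback implements CallbackHandler {
        public void handle(Callback[] callbacks) {
            for (Callback cb : callbacks) {
                if (cb instanceof WSPasswordCallback) {
                    WSPasswordCallback pc = (WSPasswordCallback) cb;
                    if ("client".equals(pc.getIdentifier())) pc.setPassword("PFX_PASSWORD");
                }
            }
        }
    }

    // Only WS-SecurityPolicy properties are set here; no WSS4J interceptors are
    // added, so the policy in the WSDL drives SignedParts/EncryptedParts.
    static void configure(BindingProvider port) {
        Properties crypto = merlinProperties();
        Map<String, Object> ctx = port.getRequestContext();
        ctx.put(SecurityConstants.ENCRYPT_PROPERTIES, crypto);
        ctx.put(SecurityConstants.ENCRYPT_USERNAME, "secgtw-service");  // truststore alias of the .cer (placeholder)
        ctx.put(SecurityConstants.SIGNATURE_PROPERTIES, crypto);
        ctx.put(SecurityConstants.SIGNATURE_USERNAME, "client");        // .pfx alias; used only if the policy needs a client token
        ctx.put(SecurityConstants.CALLBACK_HANDLER, new PfxPasswordCallback());
    }
}
```

Mixing these properties with a hand-configured WSS4JOutInterceptor is the overlap Glen warned about; with the policy attached to the binding, the properties above are all the client needs to supply.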