Posted to users@cxf.apache.org by Jaroslav Půbal <pu...@marbes.cz> on 2012/08/22 14:14:02 UTC

CXF WSS and .NET with certificate (BinarySecurityToken)

Hello,

I need to call a .NET server from a CXF Java client.

The .NET web service uses WSS with a certificate.

I have a valid certificate, but I don't know how to configure CXF to get it
to work.

Request header must look like this:

<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <SOAP:Header>
    <wsa:Action>http://xxx/xxx/proceed2</wsa:Action>
    <wsa:MessageID>uuid:0850345f-4462-44ec-ba79-322a01cf2e3b</wsa:MessageID>
    <wsa:To>http://xxx/xxx/</wsa:To>
    <wsse:Security SOAP:mustUnderstand="1">
      <wsu:Timestamp wsu:Id="Timestamp-6650292b-e070-4234-961c-becfb5c54d58">
        <wsu:Created>2008-09-17T09:59:18Z</wsu:Created>
      </wsu:Timestamp>
      <wsse:BinarySecurityToken
          ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
          EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
          wsu:Id="SecurityToken-439239a1-158e-40a2-b969-012afa36e061">.pYYjs=</wsse:BinarySecurityToken>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <ds:CanonicalizationMethod
              Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
              xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <Reference URI="#Id-1baa4d05-a59a-4b53-afc3-166cb8cfac10">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue>vXCPk+2yjstl9FhZlPq+lW+bbfg=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>.YQGsAtCQ=</SignatureValue>
        <KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference
                URI="#SecurityToken-439239a1-158e-40a2-b969-012afa36e061"
                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" />
          </wsse:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </wsse:Security>
  </SOAP:Header>
  <SOAP:Body wsu:Id="Id-1baa4d05-a59a-4b53-afc3-166cb8cfac10">...</SOAP:Body>
</SOAP:Envelope>

Any help will be appreciated!

 

 


Re: CXF WSS and .NET with certificate (BinarySecurityToken)

Posted by Colm O hEigeartaigh <co...@apache.org>.
Hi,

This is a fairly standard WS-Security use-case where you are signing the
SOAP Body via an included BinarySecurityToken (incidentally you should also
be signing the Timestamp). What you want is an AsymmetricBinding policy
that only contains an "InitiatorToken".

The best place to start is to look at the WS-Security examples.

WSDL:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/DoubleItX509.wsdl?view=markup

Test code:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/X509TokenTest.java?view=markup

Client configuration:

http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/client/client.xml?view=markup

Colm.




-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com