Posted to wss4j-dev@ws.apache.org by max untertan <ma...@gmx.de> on 2006/12/18 16:04:16 UTC
Newbies Question : PKIPathSecurity
Hello,
Has anyone ever used org.apache.ws.security.message.token.PKIPathSecurity?
I tried and failed.
I first programmed a service which gets a chain of X509Security tokens as Base and Supporting of a RequestSecurityToken
and returns a RequestSecurityTokenResponse with a UsernameToken.
This worked fine,
but when I try to do the same with a PKIPathSecurity in the RequestSecurityToken, the service only returns
<RequestSecurityTokenResponse xsi:nil="true" xmlns="http://schemas.xmlsoap.org/ws/2004/04/trust"/>.
So I tried many different ways, but nothing fixed it.
Here's my code:
The client:
/**
 * Test client as posted: builds a WS-Trust RequestSecurityToken (issue request, token type
 * USERNAME), places a PKIPathSecurity built from two inline PEM certificates into its Base
 * element, and sends it in a SOAP envelope through an Axis Call.
 *
 * NOTE(review): the listing is reproduced as posted and does not compile in this form. The
 * certificate literals are incomplete or line-wrapped in this copy, and the two final ")"
 * are presumably meant to be "}".
 */
public class Client
{
/** Default endpoint address (plain HTTP on localhost); passed to Options.setDefaultURL in main. */
private static final java.lang.String address =
"http://localhost:9080/axis/services/Service";
/**
 * Builds the token request and invokes the service once.
 *
 * @param args command-line arguments handed to Options; the target URL falls back to
 *             {@code address} via setDefaultURL
 * @throws Exception declared broadly; failures while building the Base token are caught
 *                   inside the method and do not propagate
 */
public static void main(String[] args) throws DOMException, TrustException, Exception
{
Options opts = new Options(args);
opts.setDefaultURL(address);
Service service = new Service();
Call call = (Call) service.createCall();
call.setTargetEndpointAddress(opts.getURL());
SOAPEnvelope env = new SOAPEnvelope();
Document doc = env.getAsDocument();
// wssConfig is obtained here but not used anywhere else in this listing.
WSSConfig wssConfig = WSSConfig.getDefaultWSConfig();
// Issue request asking for a username token.
RequestSecurityToken tokenRequest = new RequestSecurityToken(doc, TrustConstants.REQUEST_ISSUE);
tokenRequest.setTokenType(TokenTypes.USERNAME);
try
{
// NOTE(review): the PEM body of this literal is incomplete in this copy of the post, and the
// call is wrapped across two lines. getBytes() without a charset uses the platform default.
InputStream secondinputStream = new ByteArrayInputStream("-----BEGIN CERTIFICATE-----\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\n-----END CERTIFICATE-----".getBy
tes());
CertificateFactory secondcf = CertificateFactory.getInstance("X.509");
X509Certificate secondcert = (X509Certificate) secondcf.generateCertificate(secondinputStream);
// Add the cert to a <BinarySecurityToken> element
// (secondbinaryToken is only referenced by the commented-out addSupporting call below)
X509Security secondbinaryToken = new X509Security(doc);
secondbinaryToken.setX509Certificate(secondcert);
// NOTE(review): this literal is also incomplete in this copy and continues on the next line.
InputStream thirdinputStream = new ByteArrayInputStream("-----BEGIN CERTIFICATE-----\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
czETMBEGA1UEAxMKcHJha3Rpa2FudDEgMB4GCSqGSIb3DQEJARYRcHJha3Rpa2FudEBydWIuZGWCAQQwDQYJKoZIhvcNAQEFBQADgYEAFYS9YokC37osE7vByLQedXj4Nng1yYl/wLgF/Cy2ycu+VJgPhDHUKg4iLH+UvTk3/ACnO1wFa29GatPLFFBbbv8jY0PfwJT3D/PW+IK8NTvk8cv6tl8JSkZJAn/R9N9OUZi7cKnAVnBvxaNmpX39nEdKmRlbJaUaYy5FL9W6Mb8=\n-----END CERTIFICATE-----".getBytes());
CertificateFactory thirdcf = CertificateFactory.getInstance("X.509");
X509Certificate thirdcert = (X509Certificate) thirdcf.generateCertificate(thirdinputStream);
// Add the cert to a <BinarySecurityToken> element
// (thirdbinaryToken is only referenced by the commented-out setBase call below)
X509Security thirdbinaryToken = new X509Security(doc);
thirdbinaryToken.setX509Certificate(thirdcert);
// Certificate array handed to PKIPathSecurity: index 0 = thirdcert, index 1 = secondcert.
// NOTE(review): element order matters for a PKIPath; confirm which certificate is the
// end entity and which order setX509Certificates expects together with the flag below.
X509Certificate[] MyX509Certificates;
MyX509Certificates = new X509Certificate[2];
MyX509Certificates[0] = thirdcert;
MyX509Certificates[1] = secondcert;
Crypto cryptoo = CryptoFactory.getInstance("crypto.properties");
// Also works when the crypto.properties file in
// /home/user/Documents/install/apache-tomcat-5.5.20/webapps/axis/WEB-INF/classes/
// reads as follows.
// NOTE(review): the keystore password appears in clear text in the lines below.
//org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
//org.apache.ws.security.crypto.merlin.keystore.type=jks
//org.apache.ws.security.crypto.merlin.keystore.password=passwort
//org.apache.ws.security.crypto.merlin.file=/home/user/Documents/install/apache-tomcat-5.5.20/webapps/axis/WEB-INF/classes/aufgabe/certificatepath/praktikantcert.keystore
boolean reverses;
reverses = false;
PKIPathSecurity MyPKIPathSecurity =null;
MyPKIPathSecurity = new PKIPathSecurity(doc);
MyPKIPathSecurity.setX509Certificates(MyX509Certificates,reverses,cryptoo);
// The PKIPath token becomes the Base of the request.
tokenRequest.setBase(new SecurityTokenOrReference(MyPKIPathSecurity));
//tokenRequest.setBase(new SecurityTokenOrReference(thirdbinaryToken));
//tokenRequest.addSupporting(new SecurityTokenOrReference(secondbinaryToken));
}
catch (Exception e)
{
// NOTE(review): the exception is only printed and execution continues, so the request
// below is still sent even if the certificates or the PKIPath token could not be built
// (in that case without a Base element). Rethrowing would make such a failure visible.
System.out.println(e);
}
SOAPBodyElement sbe = new SOAPBodyElement(tokenRequest.getElement());
env.addBodyElement(sbe);
// The response envelope is received but not inspected anywhere in this listing.
SOAPEnvelope response = call.invoke(env);
)
)
The service:
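/**
 * Minimal WS-Trust issuing endpoint from the post: answers an issue request for a
 * username token with a fixed UsernameToken.
 *
 * NOTE(review): the Base and Supporting tokens of the request are never read here, so the
 * token is issued without any check of the certificate path the client sends. The name
 * and password placed in the issued token are fixed literals.
 */
public class Service
{
    /**
     * Handles one RequestSecurityToken and builds the matching response.
     *
     * @param tokenRequest the deserialized request; must be non-null and of request type
     *                     {@code TrustConstants.REQUEST_ISSUE}
     * @return a response copying context, token type and lifetime from the request and
     *         carrying a UsernameToken when the requested token type is USERNAME
     * @throws AxisFault if the request is missing or is not an issue request
     */
    public RequestSecurityTokenResponse exchange(RequestSecurityToken tokenRequest) throws AxisFault
    {
        // Both rejections used to be a silent "return null". That is presumably what Axis
        // serializes as the xsi:nil response quoted in the post, and it hides which check
        // failed. A fault tells the caller which precondition was not met.
        if (tokenRequest == null)
        {
            throw new AxisFault("RequestSecurityToken is missing or could not be deserialized");
        }
        if (!TrustConstants.REQUEST_ISSUE.equals(tokenRequest.getRequestType()))
        {
            throw new AxisFault("Only issue requests are supported by this service");
        }

        SecurityTokenOrReference requestedToken = null;
        Document doc = tokenRequest.getDocument();
        if (TokenTypes.USERNAME.equals(tokenRequest.getTokenType()))
        {
            UsernameToken userToken =
                new UsernameToken(WSSConfig.getDefaultWSConfig().isPrecisionInMilliSeconds(), doc);
            // NOTE(review): hard-coded credentials, returned to every caller.
            userToken.setName("praktikant");
            userToken.setPassword("geheim");
            requestedToken = new SecurityTokenOrReference(userToken);
        }
        // For any other token type requestedToken stays null, as in the original listing.
        // NOTE(review): confirm that RequestSecurityTokenResponse accepts a null token.
        RequestSecurityTokenResponse tokenResponse = new RequestSecurityTokenResponse(doc, requestedToken);
        tokenResponse.setContext(tokenRequest.getContext());
        tokenResponse.setTokenType(tokenRequest.getTokenType());
        Lifetime lifetime = tokenRequest.getLifetime();
        tokenResponse.setLifetime(lifetime);
        // Echo a marker element when the request carries the test extension element.
        if (tokenRequest.getCustomElement("http://testElementNs.testElementNs", "TestElement") != null)
        {
            tokenResponse.addCustomElementNS("http://testElementNs.testElementNs", "te:TestElementResponse");
        }
        return tokenResponse;
    }
}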
The deployment:
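<!--
  Axis WSDD deployment for the token service: maps the WS-Trust RequestSecurityToken and
  RequestSecurityTokenResponse elements to the sandbox trust2 classes and declares the
  "exchange" operation.
  NOTE(review): the service is deployed under the name "Servicepath", while the posted
  client targets .../services/Service. Confirm the request reaches this deployment.
-->
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
  <service name="Servicepath" style="document" use="literal">
    <!-- Expose only the operation declared below instead of every public method ("*"). -->
    <parameter name="allowedMethods" value="exchange"/>
    <parameter name="className" value="aufgabe.certificatepath.Service"/>
    <!-- Request element: (de)serialized by the trust2 RST factories. -->
    <typeMapping
        xmlns:ns="http://schemas.xmlsoap.org/ws/2004/04/trust"
        qname="ns:RequestSecurityToken"
        type="java:org.apache.ws.sandbox.security.trust2.RequestSecurityToken"
        serializer="org.apache.ws.sandbox.security.trust2.serialization.RSTSerializerFactory"
        deserializer="org.apache.ws.sandbox.security.trust2.serialization.RSTDeserializerFactory"
        encodingStyle=""/>
    <!-- Response element: (de)serialized by the trust2 RSTResponse factories. -->
    <typeMapping
        xmlns:ns="http://schemas.xmlsoap.org/ws/2004/04/trust"
        qname="ns:RequestSecurityTokenResponse"
        type="java:org.apache.ws.sandbox.security.trust2.RequestSecurityTokenResponse"
        serializer="org.apache.ws.sandbox.security.trust2.serialization.RSTResponseSerializerFactory"
        deserializer="org.apache.ws.sandbox.security.trust2.serialization.RSTResponseDeserializerFactory"
        encodingStyle=""/>
    <!-- Binds the RequestSecurityToken body element to Service.exchange(...). -->
    <operation name="exchange" qname="ns1:RequestSecurityToken" xmlns:ns1="http://schemas.xmlsoap.org/ws/2004/04/trust"
        returnQName="ns1:RequestSecurityTokenResponse" returnType="ns1:RequestSecurityTokenResponse">
      <parameter qname="ns1:RequestSecurityToken" type="ns1:RequestSecurityToken" xmlns:ns1="http://schemas.xmlsoap.org/ws/2004/04/trust"/>
    </operation>
  </service>
</deployment>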
The crypto.properties:
# Crypto settings loaded by CryptoFactory.getInstance("crypto.properties"):
# Merlin provider backed by a JKS keystore.
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
# NOTE(review): the keystore password is stored in clear text. Restrict read access to this
# file and keep the value out of source comments and posts.
org.apache.ws.security.crypto.merlin.keystore.password=passwort
# Absolute path to the keystore inside the deployed webapp's WEB-INF/classes tree.
org.apache.ws.security.crypto.merlin.file=/home/user/Documents/install/apache-tomcat-5.5.20/webapps/axis/WEB-INF/classes/aufgabe/certificatepath/praktikantcert.keystore
In the TCPMonitor and with System.out.println(MyPKIPathSecurity);
I have checked that MyPKIPathSecurity isn't null.
I have no clue whether I have to mention my crypto.properties in the
deployment file somehow,
or whether something is wrong with my type mapping.
Could someone please help?